Access file system through query string or params

I have been given a task of reproducing the issue/testing the unauth开发者_高级运维orized access to file system through request.param and query string.

For instance i have something like this. request.querystring("blah"); How could somebody pass "../../../b1/b2" in the query string and access file system.

This may be related to cross site scripting.

Need help..at least provide resources. Thanks in advance.

---

Wish I could provide a definitive answer, but can at least steer you in some direction. Not sure how confident you are that request.querystring() was indeed responsible, but some possibilities are:

Directory Traversal/Path Traversal:

Overview: http://en.wikipedia.org/wiki/Directory_traversal
Testing For: http://www.owasp.org/index.php/Testing_for_Path_Traversal

Remote File Inclusion:

Overview: http://en.wikipedia.org/wiki/Remote_file_inclusion
Tutorial: http://www.offensivecomputing.net/?q=node/624 (KnightLighter's Tutorial)

Hope this moves you in the right direction.