What an Attacker can do if your Website is Vulnerable?

With a system vulnerable to Directory Traversal, an attacker can make use of this vulnerability to step out of the root directory and access other parts of the file system. This might give the attacker the ability to view restricted files, or even more dangerous, allowing the attacker to execute powerful commands on the web server which can lead to a full compromise of the system.

Depending on how the website access is set up, the attacker will execute commands by impersonating himself as the user which is associated with "the website". Therefore it all depends on what the website user has been given access to in the system.

The best way to check whether your web site & applications are vulnerable to Directory Traversal attacks is by using a C-Secure Web Vulnerability Scan Service. This Services is your entire website and automatically checks for Directory Traversal vulnerabilities. It will report the vulnerability and how to easily fix it.