This payload attempts to "climb" out of the application's intended directory to access the system's root folder. : Often refers to a function (like in PHP) that dynamically loads files based on user input. : This is a URL-encoded version of . In a file system, means "go up one directory level". : The goal is to reach the root directory ( ) or a specific sensitive folder like to read protected system files. How the Attack Works Path Traversal | OWASP Foundation