A penetration tester alters the "file" parameter in a web application (e.

CEH v13 explains that directory traversal (also called path traversal) occurs when an application improperly handles user-supplied input used for file path generation. Attackers exploit this by inserting traversal sequences such as ../ beyond the intended directories, gaining access to sensitive files like /etc/passwd, configuration data, or source code. The vulnerability arises from missing input validation and failure to restrict file access to safe directories. CEH stresses that directory traversal is common in file handling functions such as view, download, or include operations. Brute-forcing credentials (Option A) is unrelated. XSS (Option C) targets script injection into web pages, not file access. Buffer overflow (Option D) manipulates memory, not file paths. Therefore, the scenario represents classic directory traversal exploitation.