5:[["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"BreadcrumbList\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Postman API Monitoring Examples\",\"item\":\"https://developers.qodex.ai/postman-api-monitoring-examples\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Example 04 Check For Common Api Vulnerability\",\"item\":\"https://developers.qodex.ai/postman-api-monitoring-examples/example-04-check-for-common-api-vulnerability\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Directory Traversal\",\"item\":\"https://developers.qodex.ai/postman-api-monitoring-examples/example-04-check-for-common-api-vulnerability/directory-traversal\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Check Vulnerability For Sequences Stripped With Superfluous Urldecode\",\"item\":\"https://developers.qodex.ai/postman-api-monitoring-examples/example-04-check-for-common-api-vulnerability/directory-traversal/check-vulnerability-for-sequences-stripped-with-superfluous-urldecode\"}]}"}}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"$57"}}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"$58"}}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"WebSite\",\"name\":\"Qodex Developers\",\"url\":\"https://developers.qodex.ai\",\"description\":\"Developer documentation and API reference platform for QodexAI API Network\",\"potentialAction\":{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https://developers.qodex.ai/search?q={search_term_string}\"},\"query-input\":\"required name=search_term_string\"},\"publisher\":{\"@type\":\"Organization\",\"name\":\"QodexAI\",\"url\":\"https://qodex.ai\"},\"inLanguage\":\"en-US\",\"copyrightYear\":2025,\"dateModified\":\"2025-10-02T04:40:53.243Z\"}"}}],["$","main",null,{"className":"px-0 py-2 lg:px-10 lg:py-8 bg-white dark:custom-bg min-h-screen","children":["$","div",null,{"className":"max-w-7xl mx-auto grid grid-cols-1 lg:grid-cols-[1fr_300px] gap-8","children":[["$","div",null,{"className":"max-w-4xl overflow-hidden","children":[["$","div",null,{"className":"flex items-center gap-3 mb-2 border-b lg:border-none border-gray-500/5 dark:border-gray-300/[0.06] px-2 pb-2 lg:px-0 lg:pb-0","children":[["$","$L59",null,{}],["$","div",null,{"className":"flex-1","children":["$","nav",null,{"className":"flex items-center space-x-2 text-sm text-slate-600 dark:text-slate-400 lg:mb-4","children":[["$","$L5a",null,{"href":"/postman-api-monitoring-examples","className":"hover:text-slate-900 dark:hover:text-slate-200","children":"Home"}],[["$","$5b","0",{"children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-chevron-right h-4 w-4","children":[["$","path","mthhwq",{"d":"m9 18 6-6-6-6"}],"$undefined"]}],["$","$L5a",null,{"href":"/postman-api-monitoring-examples/example-04-check-for-common-api-vulnerability","className":"hover:text-slate-900 dark:hover:text-slate-200 line-clamp-1","children":"Example 04 - Check for Common API Vulnerability"}]]}],["$","$5b","1",{"children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-chevron-right h-4 w-4","children":[["$","path","mthhwq",{"d":"m9 18 6-6-6-6"}],"$undefined"]}],["$","$L5a",null,{"href":"/postman-api-monitoring-examples/example-04-check-for-common-api-vulnerability/directory-traversal","className":"hover:text-slate-900 dark:hover:text-slate-200 line-clamp-1","children":"Directory Traversal"}]]}],["$","$5b","2",{"children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-chevron-right h-4 w-4","children":[["$","path","mthhwq",{"d":"m9 18 6-6-6-6"}],"$undefined"]}],["$","span",null,{"className":"text-blue-600 dark:text-green-500 font-medium line-clamp-1","children":"Check vulnerability for sequences stripped with superfluous URL-decode"}]]}]]]}]}]]}],["$","article",null,{"className":"px-4 lg:px-0","children":["$","$L5c",null,{"content":"# Check vulnerability for sequences stripped with superfluous URL-decode\n\nGET {{base_url}}\n\n

This request checks if the API allows an attacker to access files present on the server by passing a file path with various non-standard encodings, such as ..%c0%af or ..%252f, to bypass the input filter.

\n\n\n\n\n\n\n### HEADERS\n| Key | Datatype | Required | Description |\n| -------------- | -------- | -------- | ----------- |\n| `{{access_token_key}}` | string | | |\n\n\n"}]}],["$","nav",null,{"className":"mt-12 pt-8 border-t border-gray-200 dark:border-gray-700","children":["$","div",null,{"className":"flex justify-between items-start","children":[["$","div",null,{"className":"flex-1 pr-4","children":["$","$L5a",null,{"href":"/postman-api-monitoring-examples/example-04-check-for-common-api-vulnerability/directory-traversal","className":"group flex items-center text-sm text-gray-600 dark:text-gray-400 hover:text-gray-900 dark:hover:text-gray-200 transition-colors","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-chevron-left w-4 h-4 mr-2 group-hover:-translate-x-1 transition-transform","children":[["$","path","1wnfg3",{"d":"m15 18-6-6 6-6"}],"$undefined"]}],["$","div",null,{"children":[["$","div",null,{"className":"text-xs text-gray-500 dark:text-gray-500 mb-1","children":"Previous"}],["$","div",null,{"className":"font-medium line-clamp-2","children":"Directory Traversal"}]]}]]}]}],["$","div",null,{"className":"flex-1 pl-4 text-right","children":["$","$L5a",null,{"href":"/postman-api-monitoring-examples/example-04-check-for-common-api-vulnerability/sql-injection","className":"group flex items-center justify-end text-sm text-gray-600 dark:text-gray-400 hover:text-gray-900 dark:hover:text-gray-200 transition-colors","children":[["$","div",null,{"children":[["$","div",null,{"className":"text-xs text-gray-500 dark:text-gray-500 mb-1","children":"Next"}],["$","div",null,{"className":"font-medium line-clamp-2","children":"SQL Injection"}]]}],["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-chevron-right w-4 h-4 ml-2 group-hover:translate-x-1 transition-transform","children":[["$","path","mthhwq",{"d":"m9 18 6-6-6-6"}],"$undefined"]}]]}]}]]}]}]]}],["$","aside",null,{"className":"hidden lg:block lg:sticky lg:top-[90px] lg:self-start","children":["$","$L5d",null,{"content":"# Check vulnerability for sequences stripped with superfluous URL-decode\n\nGET {{base_url}}\n\n

\n\n\n\n\n\n\n### HEADERS\n| Key | Datatype | Required | Description |\n| -------------- | -------- | -------- | ----------- |\n| `{{access_token_key}}` | string | | |\n\n\n"}]}]]}]}]]