5:[["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"BreadcrumbList\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Postman Security\",\"item\":\"https://developers.qodex.ai/postman-security\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Check For Common Api Vulnerabilities\",\"item\":\"https://developers.qodex.ai/postman-security/check-for-common-api-vulnerabilities\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Directory Traversal 1\",\"item\":\"https://developers.qodex.ai/postman-security/check-for-common-api-vulnerabilities/directory-traversal-1\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"Check Vulnerability For Sequences Stripped With Superfluous Urldecode 1\",\"item\":\"https://developers.qodex.ai/postman-security/check-for-common-api-vulnerabilities/directory-traversal-1/check-vulnerability-for-sequences-stripped-with-superfluous-urldecode-1\"}]}"}}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"$8e"}}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"$8f"}}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"WebSite\",\"name\":\"Qodex Developers\",\"url\":\"https://developers.qodex.ai\",\"description\":\"Developer documentation and API reference platform for QodexAI API Network\",\"potentialAction\":{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https://developers.qodex.ai/search?q={search_term_string}\"},\"query-input\":\"required name=search_term_string\"},\"publisher\":{\"@type\":\"Organization\",\"name\":\"QodexAI\",\"url\":\"https://qodex.ai\"},\"inLanguage\":\"en-US\",\"copyrightYear\":2025,\"dateModified\":\"2025-10-23T13:02:40.457Z\"}"}}],["$","main",null,{"className":"px-0 py-2 lg:px-10 lg:py-8 bg-white dark:custom-bg min-h-screen","children":["$","div",null,{"className":"max-w-7xl mx-auto grid grid-cols-1 lg:grid-cols-[1fr_300px] gap-8","children":[["$","div",null,{"className":"max-w-4xl overflow-hidden","children":[["$","div",null,{"className":"flex items-center gap-3 mb-2 border-b lg:border-none border-gray-500/5 dark:border-gray-300/[0.06] px-2 pb-2 lg:px-0 lg:pb-0","children":[["$","$L90",null,{}],["$","div",null,{"className":"flex-1","children":["$","nav",null,{"className":"flex items-center space-x-2 text-sm text-slate-600 dark:text-slate-400 lg:mb-4","children":[["$","$L91",null,{"href":"/postman-security","className":"hover:text-slate-900 dark:hover:text-slate-200","children":"Home"}],[["$","$92","0",{"children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-chevron-right h-4 w-4","children":[["$","path","mthhwq",{"d":"m9 18 6-6-6-6"}],"$undefined"]}],["$","$L91",null,{"href":"/postman-security/check-for-common-api-vulnerabilities","className":"hover:text-slate-900 dark:hover:text-slate-200 line-clamp-1","children":"Check for Common API Vulnerabilities"}]]}],["$","$92","1",{"children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-chevron-right h-4 w-4","children":[["$","path","mthhwq",{"d":"m9 18 6-6-6-6"}],"$undefined"]}],["$","$L91",null,{"href":"/postman-security/check-for-common-api-vulnerabilities/directory-traversal-1","className":"hover:text-slate-900 dark:hover:text-slate-200 line-clamp-1","children":"Directory Traversal"}]]}],["$","$92","2",{"children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-chevron-right h-4 w-4","children":[["$","path","mthhwq",{"d":"m9 18 6-6-6-6"}],"$undefined"]}],["$","span",null,{"className":"text-blue-600 dark:text-green-500 font-medium line-clamp-1","children":"Check vulnerability for sequences stripped with superfluous URL-decode"}]]}]]]}]}]]}],["$","article",null,{"className":"px-4 lg:px-0","children":["$","$L93",null,{"content":"# Check vulnerability for sequences stripped with superfluous URL-decode\n\nGET {{base_url}}\n\n

This request checks if the APIs allows an attacker to access file present in the server by passing the file path having various non-standard encodings, such as ..%c0%af or ..%252f to bypass the input filter.

\n\n\n\n\n\n\n### HEADERS\n| Key | Datatype | Required | Description |\n| -------------- | -------- | -------- | ----------- |\n| `{{access_token_key}}` | string | | |\n\n\n"}]}],["$","nav",null,{"className":"mt-12 pt-8 border-t border-gray-200 dark:border-gray-700","children":["$","div",null,{"className":"flex justify-between items-start","children":[["$","div",null,{"className":"flex-1 pr-4","children":["$","$L91",null,{"href":"/postman-security/check-for-common-api-vulnerabilities/directory-traversal-1","className":"group flex items-center text-sm text-gray-600 dark:text-gray-400 hover:text-gray-900 dark:hover:text-gray-200 transition-colors","children":[["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-chevron-left w-4 h-4 mr-2 group-hover:-translate-x-1 transition-transform","children":[["$","path","1wnfg3",{"d":"m15 18-6-6 6-6"}],"$undefined"]}],["$","div",null,{"children":[["$","div",null,{"className":"text-xs text-gray-500 dark:text-gray-500 mb-1","children":"Previous"}],["$","div",null,{"className":"font-medium line-clamp-2","children":"Directory Traversal"}]]}]]}]}],["$","div",null,{"className":"flex-1 pl-4 text-right","children":["$","$L91",null,{"href":"/postman-security/check-for-common-api-vulnerabilities/sql-injection-1","className":"group flex items-center justify-end text-sm text-gray-600 dark:text-gray-400 hover:text-gray-900 dark:hover:text-gray-200 transition-colors","children":[["$","div",null,{"children":[["$","div",null,{"className":"text-xs text-gray-500 dark:text-gray-500 mb-1","children":"Next"}],["$","div",null,{"className":"font-medium line-clamp-2","children":"SQL Injection"}]]}],["$","svg",null,{"xmlns":"http://www.w3.org/2000/svg","width":24,"height":24,"viewBox":"0 0 24 24","fill":"none","stroke":"currentColor","strokeWidth":2,"strokeLinecap":"round","strokeLinejoin":"round","className":"lucide lucide-chevron-right w-4 h-4 ml-2 group-hover:translate-x-1 transition-transform","children":[["$","path","mthhwq",{"d":"m9 18 6-6-6-6"}],"$undefined"]}]]}]}]]}]}]]}],["$","aside",null,{"className":"hidden lg:block lg:sticky lg:top-[90px] lg:self-start","children":["$","$L94",null,{"content":"# Check vulnerability for sequences stripped with superfluous URL-decode\n\nGET {{base_url}}\n\n

\n\n\n\n\n\n\n### HEADERS\n| Key | Datatype | Required | Description |\n| -------------- | -------- | -------- | ----------- |\n| `{{access_token_key}}` | string | | |\n\n\n"}]}]]}]}]]