What type of attack allows an attacker to access restricted directories?

The type of attack that allows an attacker to access restricted directories is directory traversal. This attack takes advantage of vulnerabilities in web applications by allowing an attacker to manipulate file paths. By using special characters, such as "../", an attacker can essentially navigate the directory structure of the server, moving up and down the file tree. This can lead to unauthorized access to sensitive files and directories that should be out of reach of the public or unauthorized users.

Directory traversal is particularly dangerous because it can expose configuration files, user data, or even critical system files, providing the attacker with valuable information that can be used for further exploitation.

The other types of attacks mentioned have distinct characteristics and targets. Cross-site scripting is focused on injecting malicious scripts into web pages viewed by users, which primarily aims to steal information or manipulate user sessions. SQL injection targets databases by injecting malicious SQL queries, which can compromise data integrity but does not specifically allow access to directories. Phishing is a social engineering attack used to trick users into providing confidential information, such as passwords or personal data, rather than manipulating files or directories on a server.