Directory traversal, also known as path traversal, is a web security vulnerability that allows an attacker to read arbitrary files on the server running an application. This attack exploits insufficient security validation of user-supplied input for file paths. By manipulating variables that reference files with "dot-dot-slash" (../) sequences and its variations, an attacker can navigate out of the web root directory. This enables them to access sensitive files such as application source code, configuration files, and critical system files (e.g., /etc/passwd on Unix-like systems), which is the exact behavior described in the question.

A. Parameter/form tampering: This attack involves modifying parameters exchanged between client and server to change application data, such as prices or permissions, not to navigate the file system.

B. Unvalidated input: This is a general class of vulnerabilities. While directory traversal is a result of unvalidated input, it is not the specific attack itself. The question asks for the specific attack, making 'Directory traversal' the more precise answer.

D. Security misconfiguration: This refers to an insecure state of the system (e.g., default credentials, improper permissions) that might enable an attack, but it is not the attack technique itself.

1. MITRE, Common Weakness Enumeration (CWE). (2023). CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'). "The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory." Retrieved from https://cwe.mitre.org/data/definitions/22.html

2. OWASP Foundation. (n.d.). Path Traversal. "Path traversal (also known as directory traversal) is a web security vulnerability that allows an attacker to read arbitrary files on the server that is running an application... By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations, it may be possible to access arbitrary files and directories stored on file system, including application source code or configuration and critical system files." Retrieved from https://owasp.org/www-community/attacks/PathTraversal

3. Pell, D., & Zand, A. (2021). A review of web application security vulnerabilities and countermeasures. International Journal of Computer Science and Information Security (IJCSIS), 19(5), 1-10. In Section III, Part A, the paper describes Directory Traversal as an attack where "an attacker can gain access to files and directories that are stored outside the web root folder... by manipulating variables that reference files with 'dot-dot-slash (../)' sequences."