What type of attack involves manipulating file names to access restricted files?

The correct choice involves directory traversal, which refers to a type of attack where an attacker manipulates file paths in a request to access files or directories that are not intended to be accessible. This attack takes advantage of the way web servers handle file names and paths. By using sequences such as "../", attackers can move up the directory structure to access sensitive files outside of the web server's root directory.

In a directory traversal attack, the objective is often to retrieve files that contain sensitive information, such as configuration files, password files, or any other data that should be restricted from public access. This type of vulnerability typically arises from insufficient validation or sanitization of user inputs that specify file paths, which allows attackers to bypass security restrictions.

Other types of attacks mentioned, such as SQL injection, command injection, and XML injection, involve different vectors of vulnerability and are focused on manipulating database queries, executing commands on the server, or exploiting XML parser weaknesses, respectively. These approaches do not specifically target the manipulation of file names and path structures like directory traversal does.