Directory traversal | Information Security course materials, Ho Chi Minh City University of Technology and Education

DIRECTORY TRAVERSAL
1. What is Directory Traversal?
Directory traversal, also known as path traversal, is a type of security
exploit in which an attacker can access files and directories that lie outside
the web server's root directory. This can lead to unauthorized access to
sensitive information such as configuration files, database contents, or even
system files.
2. How a path traversal attack typically works:
o Web Application Vulnerability: Path traversal attacks exploit vulnerabilities
in web applications that do not properly validate user input or handle file
paths securely.
o Manipulating File Paths: The attacker submits a specially crafted input, often
involving directory traversal characters like ‘../’ (dot-dot-slash), to navigate
to directories outside the intended scope.
o Bypassing Security Measures: By using these traversal characters, the
attacker can go up through the directory structure and access files or
directories that they shouldn't have access to.
Example:
How the application deals with the resources in use:
http://some_site.com.br/get-files.jsp?file=report.pdf
http://some_site.com.br/get-page.php?home=aaa.html
http://some_site.com.br/some-page.asp?page=index.html
In these examples it’s possible to insert a malicious string as the variable
parameter to access files located outside the web publish directory.
http://some_site.com.br/get-files?file=../../../../some dir/some file
http://some_site.com.br/../../../../some dir/some file
The following URLs show examples of *NIX password file exploitation.
http://some_site.com.br/../../../../etc/shadow
http://some_site.com.br/get-files?file=/etc/passwd
Example 2:
The following URLs may be vulnerable to this attack:
http://testsite.com/get.php?f=list
http://testsite.com/get.cgi?f=2
http://testsite.com/get.asp?f=test
An attacker can execute this attack like this:
http://testsite.com/get.php?f=/var/www/html/get.php
http://testsite.com/get.cgi?f=/var/www/html/admin/get.inc
http://testsite.com/get.asp?f=/etc/passwd
When the web server returns detailed error information from a web application, it is
much easier for the attacker to guess the correct locations (e.g. the path to a file
containing source code, which may then be displayed).
3. Consequences:
o Unauthorized Access: The attacker may be able to access sensitive files or
directories, including configuration files, passwords, and other critical
information.
o Data Exfiltration: The attacker can steal sensitive data and use it for
malicious purposes.
o Code Execution: In some cases, if the application allows for the execution of
scripts or commands, the attacker might be able to execute arbitrary code on
the server.
4. How to Avoid Directory Traversal Vulnerabilities
- How to identify if you are vulnerable:
Be sure you understand how the underlying operating system will process
filenames handed off to it.
Don’t store sensitive configuration files inside the web root.
- How to protect yourself:
Prefer working without user input when using file system calls.
Validate the user's input by accepting only known-good values.
If forced to use user input for file operations, normalize the input before
using it, and confirm that the resolved path still lies inside the intended directory.
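The following Python is an added example, not part of the original document: it builds a constructed web root in a temporary directory and places the unsafe pattern behind get-files?file=... beside a hardened version that normalizes the input and checks the resolved path stays under the intended directory. Function names, the directory layout and the file contents are all constructed for this demo.

```python
import os
import tempfile

# Constructed layout for the demo: BASE/public/files is the publish directory,
# BASE/secret.txt sits outside the web root and must never be served.
BASE = tempfile.mkdtemp(prefix="traversal_demo_")
WEB_ROOT = os.path.join(BASE, "public")
FILES_DIR = os.path.join(WEB_ROOT, "files")
os.makedirs(FILES_DIR)
with open(os.path.join(FILES_DIR, "report.pdf"), "w") as fh:
    fh.write("public report")
with open(os.path.join(BASE, "secret.txt"), "w") as fh:
    fh.write("outside the web root")


def get_file_vulnerable(name: str) -> str:
    """The pattern behind get-files?file=...: user input is joined straight onto
    the publish directory. '../' segments walk upward, and os.path.join drops
    the left side entirely when name is absolute (f=/etc/passwd in the text)."""
    path = os.path.join(FILES_DIR, name)
    with open(path) as fh:
        return fh.read()


def get_file_safe(name: str) -> str:
    """Normalize first, then verify the result is still inside FILES_DIR."""
    allowed_dir = os.path.realpath(FILES_DIR)
    # Absolute paths and NUL bytes are never legitimate file names here.
    if os.path.isabs(name) or "\x00" in name:
        raise PermissionError("absolute path or NUL byte rejected")
    # realpath collapses '.', '..' and symlinks, so the containment check
    # below sees the path the OS would actually open.
    resolved = os.path.realpath(os.path.join(allowed_dir, name))
    if os.path.commonpath([allowed_dir, resolved]) != allowed_dir:
        raise PermissionError(f"{name!r} resolves outside {allowed_dir}")
    with open(resolved) as fh:
        return fh.read()


def is_contained(name: str) -> bool:
    """True if get_file_safe would accept name (used for quick checks)."""
    try:
        get_file_safe(name)
        return True
    except (PermissionError, FileNotFoundError):
        return False


if __name__ == "__main__":
    print(get_file_safe("report.pdf"))            # served
    print(get_file_vulnerable("../../secret.txt"))  # leaks via the unsafe path
    print(is_contained("../../secret.txt"))         # False: rejected by the safe path
```

The containment check compares the normalized path against the normalized base directory rather than scanning the input for "../", so encoded or otherwise disguised traversal sequences are judged by where they actually resolve.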
5. References:
https://owasp.org/www-community/attacks/Path_Traversal
https://portswigger.net/web-security/file-path-traversal