Directory traversal attack

Directory traversal (also called path traversal) refers to a vulnerability in web servers or web applications in which manipulated paths allow access to arbitrary files and directories that were never meant to be exposed. It can be exploited to reveal sensitive data such as passwords.

Details

Normally, files on a web server that lie outside the web directory (the document root) or its subdirectories must not be accessible from the outside. In a directory traversal attack, an attacker tries to reach files outside this directory by means of manipulated paths.

Fundamental to this attack is how a path is interpreted in the directory structure: ".." moves one level up, and a leading "/" refers to the root of the directory structure.

Example

A URL might look like this:

http://www.example.com/index.foo?item=datei1.html

The item argument is used here to specify the file to be output. If the index.foo script does not adequately verify this argument, a directory traversal vulnerability exists.

An attacker can now specify a different file, which may lie in a completely different directory, since "../" in a path moves one folder level up. Suppose the web directory lies three directory levels deep on the C: drive; then, on a Windows web server, the following URL would output the file C:\CONFIG.SYS, provided the index.foo script has read access to it.

http://www.example.com/index.foo?item=../../../Config.sys

The exact directory depth is usually not known, but an attacker can determine it by trial and error.

If the web server itself is vulnerable, not only can arbitrary files be read, but arbitrary programs can also be invoked, for example via:

http://www.example.com/index.foo?item=../../../Windows/System32/cmd.exe?/C dir C:\

As a countermeasure, simply checking a path for "../" is not enough. It must also be borne in mind that individual characters can be replaced by URL encoding. (For example, %2e%2e%2f in a URL has exactly the same effect as ../.)
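One way to implement the countermeasure described above is shown below as an added example; it is not code from the original article. It assumes a Python application serving files from a constructed document root of /var/www/html, with the requested file name arriving in a hypothetical item parameter like the one in the URLs above. The naive check (reject only a literal "../") is placed beside a check that decodes the value, normalizes the path and then verifies that the result still lies under the document root.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed example value: the directory the application may serve files from.
WEB_ROOT = "/var/www/html"


def naive_is_safe(item: str) -> bool:
    """The insufficient check the text warns about: reject only a literal '../'.

    It is bypassed by URL-encoded forms such as %2e%2e%2f and by backslashes.
    """
    return "../" not in item


def resolve_safely(item: str, web_root: str = WEB_ROOT) -> Optional[str]:
    """Return the absolute path inside web_root that `item` refers to, or None
    if the request would escape the root.

    Steps: percent-decode until stable (catches double encoding), refuse NUL
    bytes, treat backslashes as separators, normalize away '.' and '..'
    components, and finally check that the result is still under web_root.
    """
    decoded = item
    # Decode repeatedly so %252e%252e%252f (double-encoded ../) is caught too;
    # a small fixed bound stops pathological inputs from looping forever.
    for _ in range(3):
        once = unquote(decoded)
        if once == decoded:
            break
        decoded = once

    # A NUL byte can truncate the path in C-based file APIs; refuse it outright.
    if "\x00" in decoded:
        return None

    # Windows-style separators move up the tree just like '/'.
    decoded = decoded.replace("\\", "/")

    # Join under the root and collapse '..' segments with POSIX semantics.
    # The leading '/' is stripped so an absolute path cannot replace the root.
    candidate = posixpath.normpath(posixpath.join(web_root, decoded.lstrip("/")))
    root = posixpath.normpath(web_root)

    # Anything that is not the root itself or a descendant of it is rejected.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample requests: the benign one from the article, the plain
    # traversal, and the URL-encoded variant that defeats the naive check.
    for request in ("datei1.html", "../../../Config.sys", "%2e%2e%2f%2e%2e%2f%2e%2e%2fConfig.sys"):
        print(f"{request!r}: naive={naive_is_safe(request)} resolved={resolve_safely(request)}")
```

The check is purely lexical: it decides whether the requested name, after decoding and normalization, still points under the document root. A server that follows symbolic links would additionally need to resolve the real path of the file on disk before opening it, since a link inside the root can point outside of it.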
