• Register

Directory traversal is a type of HTTP exploit that is used by attackers to gain unauthorized access to restricted directories and files. Directory traversal attacks use web server software to exploit inadequate security mechanisms and access directories and files stored outside of the web root folder. An attacker that exploits a directory traversal vulnerability is capable of compromising the entire web server.

There are two security mechanisms that web servers use to restrict user access: root directory and Access Control Lists (ACLs). The root directory is the top-most directory on a server file system. User access is confined to the root directory, meaning users are unable to access directories or files outside of the root. Administrators use Access Control Lists to define user access rights and privileges for viewing, modifying, and executing files.


Directory Traversal Vulnerability

A directory traversal vulnerability is the result of insufficient filtering/validation of browser input from users. Directory traversal vulnerabilities can be located in web server software/files or in application code that is executed on the server. Directory traversal vulnerabilities can exist in a variety of programming languages, including Python, PHP, Apache, ColdFusion, Perl, and more. Enterprises commonly rely on vulnerability scanning and manual penetration testing techniques to detect directory traversal vulnerabilities.

 

Directory Traversal Examples

Directory traversal attacks can be viewed in two basic groups: attacks that target directory traversal vulnerabilities in the web server and attacks that target vulnerabilities in application code.

Attackers are able to exploit vulnerabilities in application code by sending URLs to the web server that instruct the server to return specific files to the application. For this method to work, the attacker must find a URL in which an application retrieves a file from the web server. Once the attacker discovers such a URL, they can simply modify the URL string with commands for the server and the name of the file they seek to access. The “../” directive is commonly used, as it instructs the web server to retrieve a file from one directory up. An attacker that is attempting to access a specific file will simply use trial-and-error to determine how many “…/” commands it takes to locate the correct directory and retrieve the file via the application.

Directory traversal vulnerabilities that exist on web servers are typically exploited to execute files. The method for this type of directory traversal attack involves sending URLs to the web server that contain the name of the targeted file and have been modified with commands and web server escape codes. Escape codes are used as workarounds when certain commands are being filtered for; for example, an attacker might use the "%2e%2e/" escape code if the “../” command is blocked. Again, this directory traversal example requires trial-and-error from the attacker, but it is still fairly easy to access and execute files when adequate preventative procedures are not in place.

 

Preventing Directory Traversal Vulnerabilities

There are several measures that enterprises can take to prevent directory traversal attacks and vulnerabilities. For starters, programmers should be trained to validate user input from browsers. Input validation assures that attackers cannot use commands that leave the root directory or violate other access privileges. Beyond this, filters can be used to block certain user input. Enterprises typically employ filters to block URLs containing commands and escape codes that are commonly used by attackers. Additionally, web server software (and any software that is used) should be kept up-to-date with current patches. Regularly patching software is a critical practice for reducing security risk, as software patches typically contain security fixes.

Guests Online

We have 86 guests and no members online

CORE Impact Professional

Logo Core ImpactCORE Impact Professional is the most comprehensive software solution for assessing and testing security vulnerabilities throughout your organization.

 
 

Read More...

IBM Security AppScan

Logo IBM Rational AppScanIBM Rational AppScan Enterprise is a scalable solution to help resolve application security vulnerabilities, offering recommendations to simplify remediation.

 

Read More...

HP WebInspect

Logo - HP WebInspectHP WebInspect gives security professionals and security novices alike the power and knowledge to quickly identify and validate critical, high-risk security vulnerabilities.

 

Read More...

Acunetix WVS

logo acunetix web application securityAcunetix Web Vulnerability Scanner (WVS) is an automated web application security testing tool that audits web applications by checking for hacking vulnerabilities. 

 

Read More...

w4rri0r - Hacking Is Not A Crime - It's an art of Awareness

\/ w4rri0r - Hacking Is Not A Crime - It's an art of Awareness \/ -  w4rri0r work in the dark, w4rri0r do what w4rri0r can, w4rri0r give what w4rri0r have, w4rri0r doubt is w4rri0r passion and w4rri0r passion is w4rri0r task. The rest is the madness of art \/ w4rri0r \/ 

\/ w4rri0r.com \/ are the great resource for information security professionals and researcher. \/ w4rri0r \/ offers a extensive variation of information security services that include SECURITY EXPLOITS (Bug or Vulnerability), SECURITY ADVISORIES (Security Alerts), SECURITY RESEARCHER TOOLBOX (Freeware, Shareware & Open-Source), SHELLCODE (Attacker Controller - Chunk of Data), SECURITY TRAINING (Educational Purpose), SECURITY NEWS (Security Recent or Important Events) and with this group you can be assured that you’re in the right hands. \/ w4rri0r gr0up \/  efforts being endorsed and appreciated by administrators, security researchers and members of various underground hacking groups and communities worldwide.

\/ w4rri0r mission \/ are to make the information systems more secure, more aware, more reliable and protect against possible security breaches.