Difference between revisions of "Absolute Path Traversal"

From OWASP
{{Template:Stub}}
{{Template:Attack}}
[[Category:Enviroment]]
[[Category:Deployment]]
[[Category:Attack]]

==Description==

If a product expects a filename as input, it may construct an absolute path such as "/rootdir/subdir", which the operating system then resolves to a file or resource outside the restricted path the developer intended.

This is similar to path traversal but uses only "/" and not ".." to gain access. More detailed information can be found on [[Path_Traversal]].

==Examples==

The following URLs may be vulnerable to this attack:

http://testsite.com/get.php?f=list

http://testsite.com/get.cgi?f=2

http://testsite.com/get.asp?f=test

A simple way to execute this attack is like this:

http://testsite.com/get.php?f=/var/www/html/get.php

http://testsite.com/get.cgi?f=/var/www/html/admin/get.inc

http://testsite.com/get.asp?f=/etc/passwd

When the web server returns information about errors in a web application, it is much easier for the attacker to guess the correct locations (e.g. the path to a file containing source code, which may then be displayed).

==Related Threats==

*[[Category: Information Disclosure]]

==Related Attacks==

*[[Path Manipulation]]
*[[Path Traversal]]
*[[Resource Injection]]

==Related Vulnerabilities==

*[[Category:Input Validation Vulnerability]]

==Related Countermeasures==

*[[Category:Input Validation]]

==Categories==

*[[Category:Resource Manipulation]]

[[Category:Attack]]
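The handler pattern behind the example URLs, shown as an added illustration that is not code from the OWASP page: a download script maps the f= parameter onto a file under a fixed document root. The assumed root /var/www/html/files and the function names are constructed for this example; the vulnerable resolver shows how a path join silently discards the root when the input is absolute, and the hardened resolver shows the containment check that stops it.

```python
import os
from typing import Optional

# Constructed example, not code from the OWASP page: a download handler
# that maps the request parameter f= onto a file under a fixed root.
DOC_ROOT = "/var/www/html/files"   # assumed document root


def resolve_unsafe(user_path: str) -> str:
    """The vulnerable pattern. os.path.join discards DOC_ROOT whenever the
    second argument is absolute, so f=/etc/passwd maps to /etc/passwd with
    no '..' segment anywhere in the input."""
    return os.path.normpath(os.path.join(DOC_ROOT, user_path))


def resolve_safe(user_path: str) -> Optional[str]:
    """Hardened version: reject empty input, NUL bytes and absolute paths up
    front, canonicalise, then require the result to stay strictly inside
    DOC_ROOT (this also blocks the classic '..' form and symlink escapes)."""
    if not user_path or "\x00" in user_path or os.path.isabs(user_path):
        return None
    root = os.path.realpath(DOC_ROOT)
    candidate = os.path.realpath(os.path.join(root, user_path))
    if candidate == root or os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def audit(values):
    """Show both resolvers side by side for a list of f= values."""
    return [(v, resolve_unsafe(v), resolve_safe(v)) for v in values]


if __name__ == "__main__":
    # Constructed inputs modelled on the page's sample requests.
    for v, bad, good in audit(["list", "/etc/passwd",
                               "/var/www/html/get.php", "../../../etc/passwd"]):
        print(f"f={v!r:28} unsafe -> {bad:32} safe -> {good}")
```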

Revision as of 18:47, 3 September 2007

This is an Attack. To view all attacks, please see the Attack Category page.
