Difference between revisions of "Absolute Path Traversal"

From OWASP
(Categories: adjustment to new template)

Line 59:

==Categories==

[[Category:Resource Manipulation]]
[[Category:Abuse of Functionality]]
[[Category:Attack]]

Revision as of 19:24, 11 June 2008

This is an Attack. To view all attacks, please see the Attack Category page.


Last revision (mm/dd/yy): 06/11/2008

Description

If a product expects a filename as input, it is possible for an attacker to supply an absolute path such as "/rootdir/subdir", which the operating system then resolves to a file or resource outside the restricted path the developer intended.

This is similar to path traversal but uses only "/" and not ".." to gain access. More detailed information can be found on Path_Traversal.


Risk Factors

Examples

How does the attack work?

The following URLs may be vulnerable to this attack:
http://testsite.com/get.php?f=list
http://testsite.com/get.cgi?f=2
http://testsite.com/get.asp?f=test
A simple way to execute this attack is like this:
http://testsite.com/get.php?f=/var/www/html/get.php
http://testsite.com/get.cgi?f=/var/www/html/admin/get.inc
http://testsite.com/get.asp?f=/etc/passwd
When the web server returns information about errors in a web application, it is much easier for the attacker to guess the correct locations (e.g. the path to a source file, which may then be displayed).
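The Description and the example URLs above both hinge on one detail: when an application builds a file path by joining a base directory with a user-supplied name, an absolute name such as "/etc/passwd" replaces the base directory instead of being placed under it. The following Python example is added here and is not part of the OWASP page; it shows that behaviour in os.path.join, then a hardened resolver that canonicalises the path and accepts it only if it stays inside the base directory. The check goes slightly beyond the page, since resolving the path also rejects ".." sequences and symlinks that point outside the base. The sandbox directory and its "list" file are constructed for the example.

```python
import os
import tempfile

# Constructed sandbox: a base directory holding the one file the
# application is allowed to serve (the "list" from get.php?f=list).
BASE_DIR = tempfile.mkdtemp(prefix="files_")
with open(os.path.join(BASE_DIR, "list"), "w") as fh:
    fh.write("allowed content\n")


def vulnerable_resolve(base_dir, user_path):
    """The flawed pattern: join the base directory with the user name.

    os.path.join discards every earlier component as soon as it meets an
    absolute component, so "/etc/passwd" is returned unchanged instead of
    becoming "<base_dir>/etc/passwd". No ".." is needed.
    """
    return os.path.join(base_dir, user_path)


def safe_resolve(base_dir, user_path):
    """Hardened version: canonicalise both paths, then accept the result
    only if it is the base directory itself or lies below it.

    Returns the resolved path, or None when the request would escape.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    # commonpath of the two is the base exactly when target is inside it.
    if os.path.commonpath([base, target]) != base:
        return None
    return target


def read_file(user_path):
    """What a handler like get.php?f=... should do: resolve, check, then read."""
    target = safe_resolve(BASE_DIR, user_path)
    if target is None or not os.path.isfile(target):
        return None
    with open(target) as fh:
        return fh.read()


if __name__ == "__main__":
    for name in ("list", "/etc/passwd"):
        print(name, "->", vulnerable_resolve(BASE_DIR, name),
              "| safe:", safe_resolve(BASE_DIR, name))
```

In the vulnerable form the request for "/etc/passwd" resolves to exactly that path, which is the behaviour the example URLs rely on; in the hardened form the same request yields None and the handler returns nothing. The same join-then-check pattern applies to PHP, Perl/CGI and ASP code, which the page's URLs point at.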


Related Threat Agents


Related Attacks


Related Vulnerabilities


Related Controls


References