Difference between revisions of "Absolute Path Traversal"

From OWASP
(CandidateForDeletion. Merged with Path traversal)
Line 1:
- {{template:CandidateForDeletion}}
+ {{Delete}}

The rest of the page ({{Template:Attack}}, the Description, Examples, Related and Category sections) is unchanged between the two revisions.

Revision as of 23:21, 7 August 2008


This article has been recommended for deletion.


This is an Attack.


Last revision (mm/dd/yy): 08/7/2008

Description

If a product accepts a file name as input, an attacker can supply an absolute path such as "/rootdir/subdir" instead. The operating system resolves that path exactly as given, so the application reads or writes a file or resource outside the directory the developer intended to restrict access to. This happens when the supplied name is handed to the file API without any base directory being prefixed, or when it is joined to a base directory with a function that discards the base whenever a later component is absolute (Python's os.path.join and pathlib's "/" operator both behave this way).

This is a variant of path traversal: it relies only on a leading "/" (or a drive letter such as C:\ on Windows) and needs no ".." sequences to climb out of the intended directory, so a filter that only looks for ".." does not stop it. More detailed information can be found on Path_Traversal

Risk Factors

Examples

How does the attack work?

The following URLs may be vulnerable to this attack:
http://testsite.com/get.php?f=list
http://testsite.com/get.cgi?f=2
http://testsite.com/get.asp?f=test
A simple way to execute the attack is to replace the expected file name with an absolute path:
http://testsite.com/get.php?f=/var/www/html/get.php
http://testsite.com/get.cgi?f=/var/www/html/admin/get.inc
http://testsite.com/get.asp?f=/etc/passwd
When the web server returns verbose error messages from the web application (for example a warning or stack trace that includes the on-disk location of a script), it is much easier for the attacker to guess correct absolute paths, such as the path to a source file, which may then be disclosed.
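The following Python script is an added example and is not code from the OWASP page. It serves both the Description and the URLs above: the first resolver builds the path the way a handler that trusts the "f" parameter does, so the attack values replace the base directory outright, while the hardened resolver refuses absolute input and then checks that the canonical path still lies under the base directory, which also catches ".." climbs and symlink escapes. The base directory /var/www/html/files, the function names and the request list are assumptions constructed for the demonstration; the attack values are the ones from the examples above.

```python
import os

# Constructed base directory for the demonstration. It does not need to
# exist: os.path.realpath resolves the string lexically where the path is
# absent and resolves symlinks where it can.
BASE_DIR = "/var/www/html/files"


def vulnerable_resolve(base_dir, user_supplied):
    """Mirror of a handler that trusts the 'f' parameter (constructed).

    os.path.join drops every earlier component when a later one is
    absolute, so "/etc/passwd" silently replaces base_dir. Passing the value
    straight to open() or include with no base at all fails the same way.
    """
    return os.path.join(base_dir, user_supplied)


def safe_resolve(base_dir, user_supplied):
    """Resolve a requested file name strictly inside base_dir (constructed).

    Returns the canonical path, or None when the request must be refused.
    Absolute input is refused outright; ".." climbs and symlink escapes are
    caught because containment is checked on the canonical (realpath) form
    of both the base and the candidate, not on the raw string.
    """
    if not user_supplied or "\x00" in user_supplied:
        return None
    if os.path.isabs(user_supplied):            # the absolute-path case;
        return None                             # on POSIX "C:\x" is just a name
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_supplied))
    try:
        if os.path.commonpath([base, candidate]) != base:
            return None                         # escaped via ".." or a symlink
    except ValueError:                          # different drives on Windows
        return None
    return candidate


# Requests taken from the page's examples, plus the classic ".." form for
# contrast. The first three are the legitimate values, the rest are attacks.
REQUESTS = [
    "list",
    "2",
    "test",
    "/var/www/html/get.php",
    "/var/www/html/admin/get.inc",
    "/etc/passwd",
    "../../../../etc/passwd",
]


def demo(base_dir=BASE_DIR, requests=REQUESTS):
    """Run each request through both resolvers; yields (f, vulnerable, safe)."""
    return [(f, vulnerable_resolve(base_dir, f), safe_resolve(base_dir, f))
            for f in requests]


if __name__ == "__main__":
    for f, vuln, safe in demo():
        print(f"f={f!r}")
        print(f"   vulnerable -> {vuln}")
        print(f"   hardened   -> {safe if safe else 'REJECTED'}")
```

Running the script shows the three legitimate names resolving under the base directory in both versions, while the three absolute paths resolve to /var/www/html/get.php, /var/www/html/admin/get.inc and /etc/passwd in the vulnerable version and are rejected by the hardened one. When the hardened resolver returns None the handler should answer with a generic "not found" and log the offending value server-side, rather than echoing the attempted path or the base directory back to the client, since that echo is exactly the error leakage the paragraph above describes.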

Related Threat Agents

Category: Information Disclosure

Related Attacks

Path Manipulation
Path Traversal
Resource Injection

Related Vulnerabilities

Category: Input Validation Vulnerability

Related Controls

Category: Input Validation

References

Categories: Abuse of Functionality | Path Traversal Attack | Resource Manipulation