Absolute Path Traversal

From OWASP
Revision as of 17:58, 19 October 2008 by KirstenS (Talk | contribs)



This article has been recommended for deletion.
You can help OWASP by improving it or discussing it on its Talk page.


This is an Attack. To view all attacks, please see the Attack Category page.


Last revision (mm/dd/yy): 10/19/2008

Description

If a product expects a filename as input, an attacker can supply an absolute path such as "/rootdir/subdir" in place of a bare filename. The operating system resolves that path as given, so the product reads or writes a file or resource outside the restricted directory the developer intended.

This is a variant of Path Traversal that uses only a leading "/" and no ".." sequences to escape the intended directory, so it bypasses input filters that only look for "..". More detailed information can be found on Path_Traversal.

Risk Factors

Examples

How does the attack work?

The following URLs may be vulnerable to this attack:
http://testsite.com/get.php?f=list
http://testsite.com/get.cgi?f=2
http://testsite.com/get.asp?f=test
A simple way to execute this attack is to replace the expected filename with an absolute path:
http://testsite.com/get.php?f=/var/www/html/get.php
http://testsite.com/get.cgi?f=/var/www/html/admin/get.inc
http://testsite.com/get.asp?f=/etc/passwd
When the web server returns detailed error messages from the web application, it is much easier for the attacker to guess the correct locations (e.g. the path to a file containing source code, which may then be displayed).
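The following added example (not part of the original OWASP article) shows why the description above and the get.php?f=... requests succeed without any "..": in Python, os.path.join() discards the base directory entirely when the supplied name is absolute. The vulnerable handler is shown beside a hardened one that rejects absolute names and then verifies the resolved path is still under the web root. The web root, the public file "list" and the out-of-root "passwd" file are constructed in temporary directories so the demo runs offline; the function names are assumptions for illustration.

```python
import os
import tempfile


def make_fixture():
    """Build a constructed web root with one public file, plus a file outside
    it that stands in for /etc/passwd. Returns (web_root, path_to_secret)."""
    root = tempfile.mkdtemp(prefix="webroot-")
    with open(os.path.join(root, "list"), "w") as fh:
        fh.write("public listing\n")
    outside = tempfile.mkdtemp(prefix="outside-")
    secret = os.path.join(outside, "passwd")
    with open(secret, "w") as fh:
        fh.write("root:x:0:0:root:/root:/bin/sh\n")  # constructed sample line
    return root, secret


def vulnerable_get(root, f):
    """Vulnerable handler, equivalent to get.php?f=<f>.
    os.path.join(root, f) returns f unchanged when f is absolute, so
    f="/etc/passwd" opens exactly /etc/passwd. No ".." is required."""
    path = os.path.join(root, f)
    with open(path) as fh:
        return fh.read()


def safe_get(root, f):
    """Hardened handler: refuse absolute names, then resolve the joined path
    (following symlinks) and require that it still lies under the web root.
    The second check also catches ".." sequences and symlink escapes."""
    if os.path.isabs(f):
        raise PermissionError("absolute path rejected: %r" % f)
    root_real = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root_real, f))
    if os.path.commonpath([root_real, target]) != root_real:
        raise PermissionError("path escapes web root: %r" % f)
    with open(target) as fh:
        return fh.read()


def joined_path(root, f):
    """Expose the raw join result so the join behaviour itself can be checked."""
    return os.path.join(root, f)


if __name__ == "__main__":
    root, secret = make_fixture()
    print("join(root, secret) ->", joined_path(root, secret))
    print("vulnerable:", vulnerable_get(root, secret).strip())
    try:
        safe_get(root, secret)
    except PermissionError as exc:
        print("hardened :", exc)
```

Note the order of the checks in safe_get: rejecting absolute input first gives a clear error, but the realpath/commonpath comparison is the control that actually matters, since it works regardless of which characters the attacker used to escape.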

Related Threat Agents

Related Attacks

Related Vulnerabilities


Related Controls

References