Difference between revisions of "Category:Path Traversal Attack"

From OWASP
Jump to: navigation, search
 
(Initial content)
Line 1: Line 1:
This category of attacks exploit various [[:Category:Path Vulnerability|Path Vulnerabilities]] to access files that are not intended to be accessed.  
+
==Description==
 +
A Path Transversal attack is the technique in which one forces access to directories, files and or commands that can cause some adverse effect on the web server. This can be accomplished by attacking either the server or application level.  
  
[[Category:Attack]]
+
==Examples==
 +
The most basic Path Transversal attack uses the '../' special character sequence to alter the location of the request. In an Operating System, this special character combination notes to move down one directory. An example of such an attack could look like the following: http://foo.com/../../barfile
  
{{Template:Stub}}
+
While the web server may stand up well to such an attack, another approach is to target the application itself. Most commonly the use of parameters being passed by the application can be exploited. Such data can come from user input or application data being passed between pages. Let's take for the following example into account: http://foo.com/bar.cgi?store=mystore.html
 +
 
 +
We can observe from the above that bar.cgi takes a parameter to navigate through the application; in this case, the store location is mystore.html. We can use this knowledge to attempt the retrieval of bar.cgi's source code by submitting: http://foo.com/bar.cgi?store=bar.cgi
 +
 
 +
This can be taken a step further. By combining the two methods above one may be able to retrieve server resident content using the application as a means of accessing it. Keep in mind, the web server daemon (process) runs as a user on the machine and as such the application has read access to certain areas. Using the foobar store example URL above, let look at how we can grab a file from another location of the server: http://foo.com/bar.cgi?../../secretfile.txt
 +
 
 +
==Categories==
 +
[[Category:Attack]]

Revision as of 17:50, 18 August 2006

Description

A Path Transversal attack is the technique in which one forces access to directories, files and or commands that can cause some adverse effect on the web server. This can be accomplished by attacking either the server or application level.

Examples

The most basic Path Transversal attack uses the '../' special character sequence to alter the location of the request. In an Operating System, this special character combination notes to move down one directory. An example of such an attack could look like the following: http://foo.com/../../barfile

While the web server may stand up well to such an attack, another approach is to target the application itself. Most commonly the use of parameters being passed by the application can be exploited. Such data can come from user input or application data being passed between pages. Let's take for the following example into account: http://foo.com/bar.cgi?store=mystore.html

We can observe from the above that bar.cgi takes a parameter to navigate through the application; in this case, the store location is mystore.html. We can use this knowledge to attempt the retrieval of bar.cgi's source code by submitting: http://foo.com/bar.cgi?store=bar.cgi

This can be taken a step further. By combining the two methods above one may be able to retrieve server resident content using the application as a means of accessing it. Keep in mind, the web server daemon (process) runs as a user on the machine and as such the application has read access to certain areas. Using the foobar store example URL above, let look at how we can grab a file from another location of the server: http://foo.com/bar.cgi?../../secretfile.txt

Categories

Pages in category "Path Traversal Attack"

This category contains only the following page.