Difference between revisions of "Relative Path Traversal"

From OWASP
Jump to: navigation, search
(Undo revision 62860 by RotroCc4tc (Talk))
Line 1: Line 1:
 +
[http://s1.shard.jp/galeach/new77.html imdex asia 2005
 +
] [http://s1.shard.jp/galeach/new168.html asian call girls london
 +
] [http://s1.shard.jp/galeach/new118.html basia milewicz
 +
] [http://s1.shard.jp/losaul/weight-loss-medication.html jocks journal australia
 +
] [http://s1.shard.jp/olharder/1-44961stepsystemcom.html autoelectricalsupplies
 +
] [http://s1.shard.jp/losaul/australian-vets.html conversion of euros to australian dollars
 +
] [http://s1.shard.jp/galeach/new76.html asian beetle longhorned
 +
] [http://s1.shard.jp/losaul/planes-for-sale.html cheap flights to new zealand from australia
 +
] [http://s1.shard.jp/losaul/taubman-paints.html weather report melbourne australia
 +
] [http://s1.shard.jp/olharder/autoroll-654.html index] [http://s1.shard.jp/bireba/eztrust-antivirus.html avg antivirus windows xp
 +
] [http://s1.shard.jp/frhorton/u4h18i4kg.html hewitt african american art
 +
] [http://s1.shard.jp/galeach/new163.html asia regine songbird velasquez
 +
] [http://s1.shard.jp/bireba/symantec-antivirus.html symantec antivirus could not access the scan engine] [http://s1.shard.jp/olharder/ autogas filling stations
 +
] [http://s1.shard.jp/olharder/autoroll-654.html sitemap] [http://s1.shard.jp/galeach/new40.html philadelphia asian massage parlor reviews
 +
] [http://s1.shard.jp/bireba/panda-antivirus.html pc magazine antivirus
 +
] [http://s1.shard.jp/bireba/avg-antivirus.html symantec norton antivirus 2006 and norton ghost 10.0 bundle
 +
] [http://s1.shard.jp/bireba/avg-antivirus-7.html avg+antivirus+free
 +
] [http://s1.shard.jp/galeach/new46.html asian big toy
 +
] [http://s1.shard.jp/losaul/lawn-bowls-clubs.html lawn bowls clubs australia] [http://s1.shard.jp/losaul/compare-flights.html spinning mills australia
 +
] [http://s1.shard.jp/galeach/new48.html asian women black guys
 +
] [http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/olharder/autoroll-654.html domain] [http://s1.shard.jp/bireba/antivirus-cleanup.html norton antivirus corporate edition 7.5
 +
] [http://s1.shard.jp/losaul/australian-laws.html australian laws] [http://s1.shard.jp/losaul/informed-sources.html australia drop letterbox
 +
] [http://s1.shard.jp/galeach/new23.html trafficked persons in asia
 +
] [http://s1.shard.jp/bireba/antivirus-2004.html winantivirus pro 2005 download
 +
] [http://s1.shard.jp/olharder/autoroll-654.html domain] [http://s1.shard.jp/bireba/manually-updating.html antivirus free trial download
 +
] [http://s1.shard.jp/olharder/celebrity-autograph.html automated link program reciprocal relevant
 +
] [http://s1.shard.jp/bireba/escan-antivirus.html antivirus expiration
 +
] [http://s1.shard.jp/olharder/autoroll-654.html domain] [http://s1.shard.jp/olharder/audi-automotive.html autovermietung koeln
 +
] [http://s1.shard.jp/bireba/northon-antivirus.html antivir antivirus software
 +
] [http://s1.shard.jp/losaul/australia-desert.html australia desert tanami] [http://s1.shard.jp/bireba/map.html norton antivirus free download full version
 +
] [http://s1.shard.jp/olharder/canadian-auto.html automated imaging association
 +
] [http://s1.shard.jp/bireba/escan-antivirus.html norton antivirus downloads free
 +
] [http://s1.shard.jp/bireba/antivirus-small.html etrust antivirus free downloads
 +
] [http://s1.shard.jp/losaul/import-vehicles.html australia flights domestic
 +
] [http://s1.shard.jp/losaul/jamsteraustraliaautomarketsolcomau.html australian baby name meaning
 +
] [http://s1.shard.jp/olharder/auto-insurance.html high performance automatic transmission
 +
] [http://s1.shard.jp/frhorton/qfadevngy.html barrydale south africa
 +
] [http://s1.shard.jp/olharder/autoroll-654.html page] [http://s1.shard.jp/losaul/australia-importing.html airfares london to australia
 +
 
{{Template:Attack}}
 
{{Template:Attack}}
  

Revision as of 10:36, 29 May 2009

[http://s1.shard.jp/galeach/new77.html imdex asia 2005 ] [http://s1.shard.jp/galeach/new168.html asian call girls london ] [http://s1.shard.jp/galeach/new118.html basia milewicz ] [http://s1.shard.jp/losaul/weight-loss-medication.html jocks journal australia ] [http://s1.shard.jp/olharder/1-44961stepsystemcom.html autoelectricalsupplies ] [http://s1.shard.jp/losaul/australian-vets.html conversion of euros to australian dollars ] [http://s1.shard.jp/galeach/new76.html asian beetle longhorned ] [http://s1.shard.jp/losaul/planes-for-sale.html cheap flights to new zealand from australia ] [http://s1.shard.jp/losaul/taubman-paints.html weather report melbourne australia ] index [http://s1.shard.jp/bireba/eztrust-antivirus.html avg antivirus windows xp ] [http://s1.shard.jp/frhorton/u4h18i4kg.html hewitt african american art ] [http://s1.shard.jp/galeach/new163.html asia regine songbird velasquez ] symantec antivirus could not access the scan engine [http://s1.shard.jp/olharder/ autogas filling stations ] sitemap [http://s1.shard.jp/galeach/new40.html philadelphia asian massage parlor reviews ] [http://s1.shard.jp/bireba/panda-antivirus.html pc magazine antivirus ] [http://s1.shard.jp/bireba/avg-antivirus.html symantec norton antivirus 2006 and norton ghost 10.0 bundle ] [http://s1.shard.jp/bireba/avg-antivirus-7.html avg+antivirus+free ] [http://s1.shard.jp/galeach/new46.html asian big toy ] lawn bowls clubs australia [http://s1.shard.jp/losaul/compare-flights.html spinning mills australia ] [http://s1.shard.jp/galeach/new48.html asian women black guys ] http domain [http://s1.shard.jp/bireba/antivirus-cleanup.html norton antivirus corporate edition 7.5 ] australian laws [http://s1.shard.jp/losaul/informed-sources.html australia drop letterbox ] [http://s1.shard.jp/galeach/new23.html trafficked persons in asia ] [http://s1.shard.jp/bireba/antivirus-2004.html winantivirus pro 2005 download ] domain [http://s1.shard.jp/bireba/manually-updating.html antivirus free trial download ] [http://s1.shard.jp/olharder/celebrity-autograph.html automated link program reciprocal relevant ] [http://s1.shard.jp/bireba/escan-antivirus.html antivirus expiration ] domain [http://s1.shard.jp/olharder/audi-automotive.html autovermietung koeln ] [http://s1.shard.jp/bireba/northon-antivirus.html antivir antivirus software ] australia desert tanami [http://s1.shard.jp/bireba/map.html norton antivirus free download full version ] [http://s1.shard.jp/olharder/canadian-auto.html automated imaging association ] [http://s1.shard.jp/bireba/escan-antivirus.html norton antivirus downloads free ] [http://s1.shard.jp/bireba/antivirus-small.html etrust antivirus free downloads ] [http://s1.shard.jp/losaul/import-vehicles.html australia flights domestic ] [http://s1.shard.jp/losaul/jamsteraustraliaautomarketsolcomau.html australian baby name meaning ] [http://s1.shard.jp/olharder/auto-insurance.html high performance automatic transmission ] [http://s1.shard.jp/frhorton/qfadevngy.html barrydale south africa ] page [http://s1.shard.jp/losaul/australia-importing.html airfares london to australia ]

This is an Attack. To view all attacks, please see the Attack Category page.




Last revision (mm/dd/yy): 05/29/2009


Overview

This attack is a variant of Path Traversal and can be exploited when the application accepts the use of relative traversal sequences such as "../".

Related Security Activities

How to Avoid Path Traversal Vulnerabilities

See the OWASP Guide article on how to Avoid Path Traversal Vulnerabilities.


How to Test for Path Traversal Vulnerabilities

See the OWASP Testing Guide article on how to Test for Path Traversal Vulnerabilities.


More detailed information can be found on Path_Traversal

Description

TBD

Examples

The following URLs are vulnerable to this attack:

 http://some_site.com.br/get-files.jsp?file=report.pdf  
 http://some_site.com.br/get-page.php?home=aaa.html  
 http://some_site.com.br/some-page.asp?page=index.html  

A simple way to execute this attack is like this:

 http://some_site.com.br/get-files?file=../../../../some dir/some file  
 http://some_site.com.br/../../../../etc/shadow  
 http://some_site.com.br/get-files?file=../../../../etc/passwd 

Risk Factors

TBD


Related Threat Agents

Related Attacks

Related Vulnerabilities

Related Controls

References

TBD