Difference between revisions of "Relative Path Traversal"
(Reverting to last version not containing links to s1.shard.jp)
|(3 intermediate revisions by 2 users not shown)|
Latest revision as of 07:50, 3 June 2009
Last revision (mm/dd/yy): 06/3/2009
This attack is a variant of Path Traversal and can be exploited when the application accepts the use of relative traversal sequences such as "../".
Related Security Activities
How to Avoid Path Traversal Vulnerabilities
How to Test for Path Traversal Vulnerabilities
More detailed information can be found on Path_Traversal
The following URLs are vulnerable to this attack:
http://some_site.com.br/get-files.jsp?file=report.pdf http://some_site.com.br/get-page.php?home=aaa.html http://some_site.com.br/some-page.asp?page=index.html
A simple way to execute this attack is like this:
http://some_site.com.br/get-files?file=../../../../some dir/some file http://some_site.com.br/../../../../etc/shadow http://some_site.com.br/get-files?file=../../../../etc/passwd
Related Threat Agents