Relative Path Traversal

From OWASP
Revision as of 20:18, 30 May 2009 by Deleted user (Talk | contribs)

Jump to: navigation, search

[http://s1.shard.jp/bireba/antivirus-f-prot.html antivirus internet worm protection signature ] link [http://s1.shard.jp/frhorton/h8s9rb8r9.html australian embassies in africa ] email promotions and internet marketing automation [http://s1.shard.jp/losaul/little-tykes-toys.html australian shepherd cross ] [http://s1.shard.jp/frhorton/ru9zwzdr5.html coltan in africa ] [http://s1.shard.jp/frhorton/7fqgy22i2.html iafrica.com ] [http://s1.shard.jp/frhorton/7bbhgy4dh.html diamond mining africa ] [http://s1.shard.jp/galeach/new76.html asian beetle longhorned ] [http://s1.shard.jp/frhorton/rkgv2463v.html eco africa usa inc ] discount auto part tampa map [http://s1.shard.jp/olharder/automotive-tool.html autotrader.co.ukwww. ] top [http://s1.shard.jp/olharder/napa-auto-parts.html autodefensas de colombia ] [http://s1.shard.jp/galeach/new191.html art asian import ] [http://s1.shard.jp/bireba/download-symantec.html antivirus scan free download ] page [http://s1.shard.jp/losaul/scoutsaustralia.html caltex australia petroleum ] [http://s1.shard.jp/galeach/new171.html schiavo euthanasia ] african daisy osteospermum [http://s1.shard.jp/losaul/newcastle-australia.html australian horse racing record track ] autodesk symbols [http://s1.shard.jp/losaul/2006-australia.html australia estate real redlynch sale ] [http://s1.shard.jp/frhorton/jaqhtnv6f.html estate duty south africa ] [http://s1.shard.jp/galeach/new139.html asian in the media ] [http://s1.shard.jp/frhorton/8qgvhwuw2.html african chimera violet ] [http://s1.shard.jp/olharder/kurt-cobain-autograph.html grand theft auto san andreas videos ] [http://s1.shard.jp/olharder/autograph-boxing.html auto parts mazda wreckers mx5 ] [http://s1.shard.jp/bireba/norton-antivirus.html antivirus linux freeware ] [http://s1.shard.jp/bireba/antivirus-comparison.html antivirus software adaware ] [http://s1.shard.jp/galeach/new30.html asian monsoon season ] page [http://s1.shard.jp/frhorton/glos5k8jt.html south africa bed and breakfasts ] [http://s1.shard.jp/galeach/new82.html asia directory religion s.net spain travel travel ] [http://s1.shard.jp/frhorton/1jtffm4w8.html african sea coconut cough ] [http://s1.shard.jp/losaul/used-car-price.html personal email addresses australia ] [http://s1.shard.jp/olharder/canadian-auto.html auto diego group san siry ] [http://s1.shard.jp/frhorton/pr9rl67ra.html african central endangered preserve primates ] [http://s1.shard.jp/frhorton/smui5er3r.html south african association of freight forwarders ] [http://s1.shard.jp/losaul/buffy-convention.html gnc live well australia ] [http://s1.shard.jp/olharder/accessory-automotive.html tissot seastar automatic ] [http://s1.shard.jp/frhorton/tulkpyc4u.html african orchids impatients ] [http://s1.shard.jp/frhorton/9ilzodadz.html black african american mathematicians ] [http://s1.shard.jp/bireba/download-norton.html norton antivirus serial crack ] [http://s1.shard.jp/bireba/etrust-antivirus.html avg antivirus programs ] [http://s1.shard.jp/galeach/new6.html pen pal world asian ] [http://s1.shard.jp/olharder/dacoma-automotive.html grand thife auto ] [http://s1.shard.jp/galeach/new112.html asia booking hotel room ]

This is an Attack. To view all attacks, please see the Attack Category page.




Last revision (mm/dd/yy): 05/30/2009


Overview

This attack is a variant of Path Traversal and can be exploited when the application accepts the use of relative traversal sequences such as "../".

Related Security Activities

How to Avoid Path Traversal Vulnerabilities

See the OWASP Guide article on how to Avoid Path Traversal Vulnerabilities.


How to Test for Path Traversal Vulnerabilities

See the OWASP Testing Guide article on how to Test for Path Traversal Vulnerabilities.


More detailed information can be found on Path_Traversal

Description

TBD

Examples

The following URLs are vulnerable to this attack:

 http://some_site.com.br/get-files.jsp?file=report.pdf  
 http://some_site.com.br/get-page.php?home=aaa.html  
 http://some_site.com.br/some-page.asp?page=index.html  

A simple way to execute this attack is like this:

 http://some_site.com.br/get-files?file=../../../../some dir/some file  
 http://some_site.com.br/../../../../etc/shadow  
 http://some_site.com.br/get-files?file=../../../../etc/passwd 

Risk Factors

TBD


Related Threat Agents

Related Attacks

Related Vulnerabilities

Related Controls

References

TBD