This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:Path Traversal Attack"
Weilin Zhong (talk | contribs) |
(Initial content) |
||
Line 1: | Line 1: | ||
− | + | ==Description== | |
+ | A Path Transversal attack is the technique in which one forces access to directories, files and or commands that can cause some adverse effect on the web server. This can be accomplished by attacking either the server or application level. | ||
+ | ==Examples== | ||
+ | The most basic Path Transversal attack uses the '../' special character sequence to alter the location of the request. In an Operating System, this special character combination notes to move down one directory. An example of such an attack could look like the following: http://foo.com/../../barfile | ||
+ | |||
+ | While the web server may stand up well to such an attack, another approach is to target the application itself. Most commonly the use of parameters being passed by the application can be exploited. Such data can come from user input or application data being passed between pages. Let's take for the following example into account: http://foo.com/bar.cgi?store=mystore.html | ||
+ | |||
+ | We can observe from the above that bar.cgi takes a parameter to navigate through the application; in this case, the store location is mystore.html. We can use this knowledge to attempt the retrieval of bar.cgi's source code by submitting: http://foo.com/bar.cgi?store=bar.cgi | ||
+ | |||
+ | This can be taken a step further. By combining the two methods above one may be able to retrieve server resident content using the application as a means of accessing it. Keep in mind, the web server daemon (process) runs as a user on the machine and as such the application has read access to certain areas. Using the foobar store example URL above, let look at how we can grab a file from another location of the server: http://foo.com/bar.cgi?../../secretfile.txt | ||
+ | |||
+ | ==Categories== | ||
[[Category:Attack]] | [[Category:Attack]] | ||
− | |||
− |
Revision as of 22:50, 18 August 2006
Description
A Path Transversal attack is the technique in which one forces access to directories, files and or commands that can cause some adverse effect on the web server. This can be accomplished by attacking either the server or application level.
Examples
The most basic Path Transversal attack uses the '../' special character sequence to alter the location of the request. In an Operating System, this special character combination notes to move down one directory. An example of such an attack could look like the following: http://foo.com/../../barfile
While the web server may stand up well to such an attack, another approach is to target the application itself. Most commonly the use of parameters being passed by the application can be exploited. Such data can come from user input or application data being passed between pages. Let's take for the following example into account: http://foo.com/bar.cgi?store=mystore.html
We can observe from the above that bar.cgi takes a parameter to navigate through the application; in this case, the store location is mystore.html. We can use this knowledge to attempt the retrieval of bar.cgi's source code by submitting: http://foo.com/bar.cgi?store=bar.cgi
This can be taken a step further. By combining the two methods above one may be able to retrieve server resident content using the application as a means of accessing it. Keep in mind, the web server daemon (process) runs as a user on the machine and as such the application has read access to certain areas. Using the foobar store example URL above, let look at how we can grab a file from another location of the server: http://foo.com/bar.cgi?../../secretfile.txt
Categories
Pages in category "Path Traversal Attack"
This category contains only the following page.