This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Relative Path Traversal"
From OWASP
| Line 4: | Line 4: | ||
More detailed information can be found on [[Path_Traversal]] | More detailed information can be found on [[Path_Traversal]] | ||
| + | |||
| + | == Severity == | ||
| + | |||
| + | High | ||
| + | |||
| + | == Likelihood of exploitation == | ||
| + | |||
| + | High | ||
==Examples == | ==Examples == | ||
Revision as of 16:59, 5 November 2007
- This is an Attack. To view all attacks, please see the Attack Category page.
This attack is a variant of Path Traversal and can be exploited when the application accepts the use of relative traversal sequences such as "../".
More detailed information can be found on Path_Traversal
Severity
High
Likelihood of exploitation
High
Examples
The following URLs are vulnerable to this attack:
http://some_site.com.br/get-files.jsp?file=report.pdf http://some_site.com.br/get-page.php?home=aaa.html http://some_site.com.br/some-page.asp?page=index.html
A simple way to execute this attack is like this:
http://some_site.com.br/get-files?file=../../../../some dir/some file http://some_site.com.br/../../../../etc/shadow http://some_site.com.br/get-files?file=../../../../etc/passwd
Related Threats
Category: Information Disclosure
Related Attacks
Related Vulnerabilities
Category:Input Validation Vulnerability
