Difference between revisions of "Directory Restriction Error"
From OWASP
Weilin Zhong (talk | contribs) m (Directory Restriction moved to Directory Restriction Error: Changed the title to be a vulnerability.) |
Weilin Zhong (talk | contribs) (→Description) |
||
Line 3: | Line 3: | ||
==Description== | ==Description== | ||
− | Improper use of the chroot() system call may allow attackers to access files that are outside the new root directory therefore breaks the intended access control policy. | + | The application fails to enforce the intended restricted directory access policy. By using relative paths or other path traversal attack mechanisms, an attacker can access unauthorized files outside the restricted directory. Examples: |
+ | * Improper use of the chroot() system call may allow attackers to access files that are outside the new root directory therefore breaks the intended access control policy. | ||
==Related Threats== | ==Related Threats== |
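Review bot: In the added chroot() bullet, "therefore breaks the intended access control policy" does not agree with its subject ("attackers ... access files"); "which breaks the intended access control policy" would read correctly. The new lead paragraph names relative paths and path traversal and ends in "Examples:", but the only bullet is the chroot() case, and that bullet does not say what the improper use is. Consider adding a path traversal example and stating the chroot() misuse concretely.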
Revision as of 15:52, 9 June 2006
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
Description
The application fails to enforce the intended restricted directory access policy. By using relative paths or other path traversal attack mechanisms, an attacker can access unauthorized files outside the restricted directory. Examples:
- Improper use of the chroot() system call may allow attackers to access files that are outside the new root directory, which breaks the intended access control policy.
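The chroot() case above, shown as correct usage; this is an added example, not part of the original OWASP page. `enter_jail` and its error codes are hypothetical names, and the jail path and uid/gid 65534 are constructed placeholders.

```c
#define _DEFAULT_SOURCE          /* exposes chroot() and setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical error codes, one per step, so a caller can log which step failed. */
enum { JAIL_OK = 0, JAIL_ERR_ARGS = -1, JAIL_ERR_CHDIR = -2,
       JAIL_ERR_CHROOT = -3, JAIL_ERR_DROP = -4 };

/*
 * enter_jail() is a hypothetical helper: confine the calling process to
 * jail_dir and give up root. chroot() only remaps "/"; it leaves the current
 * working directory alone, so without the chdir() calls "." can still name a
 * directory outside the new root and relative paths resolve there.
 */
int enter_jail(const char *jail_dir, uid_t uid, gid_t gid)
{
    /* A process that stays root is not confined by chroot(), so refuse id 0. */
    if (jail_dir == NULL || uid == 0 || gid == 0)
        return JAIL_ERR_ARGS;

    /* Move inside first, so the working directory is already in the tree. */
    if (chdir(jail_dir) != 0)
        return JAIL_ERR_CHDIR;
    if (chroot(".") != 0)
        return JAIL_ERR_CHROOT;
    /* Re-anchor the working directory at the new root. */
    if (chdir("/") != 0)
        return JAIL_ERR_CHDIR;

    /* Drop supplementary groups, then gid, then uid; check every result. */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return JAIL_ERR_DROP;
    /* Regaining root must now be impossible; treat success as a failure. */
    if (setuid(0) == 0)
        return JAIL_ERR_DROP;
    return JAIL_OK;
}

int main(void)
{
    /* Constructed values: the jail path and uid/gid 65534 are placeholders. */
    int rc = enter_jail("/var/empty/jail-example", 65534, 65534);
    printf("enter_jail returned %d\n", rc);
    return rc == JAIL_OK ? 0 : 1;
}
```

File descriptors opened on directories before the call stay valid afterwards, so close any that are not needed before calling `enter_jail`.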
Related Threats
Attackers try to access unauthorized files, such as password files or configuration files.
Related Attacks
Related Countermeasures
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.