This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Relative Path Traversal
- This is an Attack. To view all attacks, please see the Attack Category page.
Last revision (mm/dd/yy): 05/29/2009
Overview
This attack is a variant of Path Traversal and can be exploited when the application accepts the use of relative traversal sequences such as "../".
Related Security Activities
How to Avoid Path Traversal Vulnerabilities
See the OWASP Guide article on how to Avoid Path Traversal Vulnerabilities.
How to Test for Path Traversal Vulnerabilities
See the OWASP Testing Guide article on how to Test for Path Traversal Vulnerabilities.
More detailed information can be found on the Path_Traversal page.
Description
TBD
Examples
The following URLs are vulnerable to this attack:
http://some_site.com.br/get-files.jsp?file=report.pdf
http://some_site.com.br/get-page.php?home=aaa.html
http://some_site.com.br/some-page.asp?page=index.html
A simple way to execute this attack is like this:
http://some_site.com.br/get-files?file=../../../../some dir/some file
http://some_site.com.br/../../../../etc/shadow
http://some_site.com.br/get-files?file=../../../../etc/passwd
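A server-side check that rejects the relative traversal requests shown above, as an added example that is not part of the original OWASP page. The names `resolve_under` and `TraversalError` and the temporary `files` directory are assumptions made for illustration, and a POSIX file system is assumed.

```python
import os
import tempfile

class TraversalError(ValueError):
    """Raised when a requested name resolves outside the served directory."""

def resolve_under(base_dir: str, requested: str) -> str:
    """Return the canonical path for `requested` only if it stays inside base_dir."""
    if "\x00" in requested:
        raise TraversalError("NUL byte in file name")
    base = os.path.realpath(base_dir)
    # os.path.join discards `base` when `requested` is absolute, so the
    # containment check below also catches names such as "/etc/shadow".
    candidate = os.path.realpath(os.path.join(base, requested))
    # Compare whole path components; a plain startswith() test would accept
    # a sibling directory such as "<base>-private".
    if os.path.commonpath([base, candidate]) != base:
        raise TraversalError(f"{requested!r} resolves outside {base}")
    return candidate

def demo() -> dict:
    """Run the check over constructed inputs modelled on the page's URLs."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "files")  # hypothetical served directory
        os.makedirs(base)
        os.makedirs(os.path.join(root, "files-private"))
        with open(os.path.join(base, "report.pdf"), "w") as fh:
            fh.write("constructed sample")
        for name in ("report.pdf", "sub/../report.pdf",
                     "../../../../etc/passwd", "../files-private/x",
                     "/etc/shadow"):
            try:
                resolve_under(base, name)
                results[name] = "allowed"
            except TraversalError:
                results[name] = "rejected"
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8} {name}")
```

The decision is made on the canonical path after joining, not on the presence of "../" in the raw parameter, so a name like `sub/../report.pdf` that stays inside the directory is still served.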
Risk Factors
TBD
Related Threat Agents
Related Attacks
Related Vulnerabilities
Related Controls
References
TBD