Difference between revisions of "Relative Path Traversal"
Revision as of 15:36, 29 May 2009
This is an Attack. To view all attacks, please see the Attack Category page.
Last revision (mm/dd/yy): 05/29/2009
Overview
This attack is a variant of Path Traversal and can be exploited when the application accepts the use of relative traversal sequences such as "../".
Related Security Activities
How to Avoid Path Traversal Vulnerabilities
See the OWASP Guide article on how to Avoid Path Traversal Vulnerabilities.
How to Test for Path Traversal Vulnerabilities
See the OWASP Testing Guide article on how to Test for Path Traversal Vulnerabilities.
More detailed information can be found on the Path Traversal page.
Description
TBD
Examples
The following URLs are vulnerable to this attack:
http://some_site.com.br/get-files.jsp?file=report.pdf
http://some_site.com.br/get-page.php?home=aaa.html
http://some_site.com.br/some-page.asp?page=index.html
A simple way to execute this attack is to supply relative traversal sequences in place of the expected file name:
http://some_site.com.br/get-files?file=../../../../some dir/some file
http://some_site.com.br/../../../../etc/shadow
http://some_site.com.br/get-files?file=../../../../etc/passwd
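The following added example (not part of the original OWASP page) contrasts an unchecked join of the file parameter with a resolver that canonicalizes the path and verifies it stays inside the served directory. The function names, the sample values and the temporary directory are assumptions constructed for illustration.

```python
import os
import tempfile
from typing import Dict, Optional, Tuple

# Constructed sample parameter values, modelled on the URLs above.
SAMPLES = ("report.pdf", "../../../../etc/passwd", "/etc/passwd", "sub/../report.pdf")

def inside(base: str, path: str) -> bool:
    """True if path is base itself or lies beneath it (both already normalized)."""
    try:
        return os.path.commonpath([base, path]) == base
    except ValueError:  # e.g. paths on different drives on Windows
        return False

def naive_resolve(base_dir: str, requested: str) -> str:
    """Vulnerable pattern: the request value is joined onto the base unchecked."""
    return os.path.normpath(os.path.join(base_dir, requested))

def safe_resolve(base_dir: str, requested: str) -> Optional[str]:
    """Return the canonical path if it stays inside base_dir, otherwise None."""
    if "\x00" in requested:
        return None
    base = os.path.realpath(base_dir)
    # realpath collapses "../" and follows symlinks before the containment check;
    # an absolute value such as "/etc/passwd" makes join() discard base entirely.
    candidate = os.path.realpath(os.path.join(base, requested))
    return candidate if inside(base, candidate) else None

def demo() -> Dict[str, Tuple[bool, bool]]:
    """Map each sample to (naive result stays inside base, safe resolver accepts)."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.realpath(os.path.join(root, "files"))
        os.mkdir(base)
        with open(os.path.join(base, "report.pdf"), "w") as fh:
            fh.write("constructed sample file")
        for value in SAMPLES:
            naive = naive_resolve(base, value)
            results[value] = (inside(base, naive), safe_resolve(base, value) is not None)
    return results

if __name__ == "__main__":
    for value, (naive_inside, accepted) in demo().items():
        print(f"{value!r}: naive stays inside={naive_inside}, safe accepts={accepted}")
```

The containment check runs on the canonical path, so a value like `sub/../report.pdf` that resolves inside the directory is still served while both the relative and the absolute escape are refused.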
Risk Factors
TBD
Related Threat Agents
Related Attacks
Related Vulnerabilities
Related Controls
References
TBD