Difference between revisions of "Relative Path Traversal"

Revision as of 16:55, 5 November 2007

This is an Attack. To view all attacks, please see the Attack Category page.

This attack is a variant of Path Traversal and can be exploited when the application accepts the use of relative traversal sequences such as "../".

More detailed information can be found on Path_Traversal

Examples

The following URLs are vulnerable to this attack:

 http://some_site.com.br/get-files.jsp?file=report.pdf  
 http://some_site.com.br/get-page.php?home=aaa.html  
 http://some_site.com.br/some-page.asp?page=index.html

A simple way to execute this attack is like this:

 http://some_site.com.br/get-files?file=../../../../some dir/some file  
 http://some_site.com.br/../../../../etc/shadow  
 http://some_site.com.br/get-files?file=../../../../etc/passwd

Related Threats

Category: Information Disclosure

Related Attacks

Related Vulnerabilities

Category:Input Validation Vulnerability

Related Countermeasures

Category:Input Validation

@@ Line 18: / Line 18: @@
   <nowiki> http://some_site.com.br/../../../../etc/shadow  </nowiki>
   <nowiki> http://some_site.com.br/get-files?file=../../../../etc/passwd </nowiki>
 ==Related Threats==
@@ Line 25: / Line 24: @@
 ==Related Attacks==
 *[[Path Manipulation]]
 *[[ Path Traversal]]
 *[[ Resource Injection]]
 ==Related Vulnerabilities==
 [[:Category:Input Validation Vulnerability]]
 ==Related Countermeasures==
@@ Line 38: / Line 36: @@
-==Categories==
+[[Category: Resource Manipulation]]
-[[:Category: Resource Manipulation]]
+[[Category: Attack]]

Difference between revisions of "Relative Path Traversal"

Revision as of 16:55, 5 November 2007

Examples

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools