Describe the bug
A path traversal attack (also known as directory traversal) aims to access directories that are stored outside the web root folder.
By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files.
To Reproduce
Steps to reproduce the behavior:
- Configure the web browser to use an intercepting proxy, such as Burp Suite.
- Authenticate to the application.
- Manualy submit a request containing the manipulated path values.
- Observe the file contents returnedfrom the application.
Environment:
Additional context
Remediation
Never use attacker controlled data as a filename or part of the filename when performing operations on files or folders. If filename should be based on the user's choice use predefined conditions instead of direct input.
Perform whitelist checks when working with files or directories using user controlled input.
Use sandbox environments (e.g. jail, chroot) that enforce strict boundaries between the process and the operating system.
Describe the bug
A path traversal attack (also known as directory traversal) aims to access directories that are stored outside the web root folder.
By manipulating variables that reference files with “dot-dot-slash (../)” sequences and its variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system including application source code or configuration and critical system files.
To Reproduce
Steps to reproduce the behavior:
Environment:
Additional context
Remediation
Never use attacker controlled data as a filename or part of the filename when performing operations on files or folders. If filename should be based on the user's choice use predefined conditions instead of direct input.
Perform whitelist checks when working with files or directories using user controlled input.
Use sandbox environments (e.g. jail, chroot) that enforce strict boundaries between the process and the operating system.