Path Traversal

A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with "dot-dot-slash (../)" sequences and their variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration files and critical system files. This attack is also known as "dot-dot-slash", "directory traversal", and "directory climbing and backtracking".
Probable Root Causes

· Incorrectly set file permissions. Index-able directories allow an attacker to easily discover the existence of content on your web server that should remain private.

· Temporary files, if exposed to unauthorized users, may expose private and confidential information, or allow an attacker to become an authorized user, depending on the level of vulnerability.

· It is common for system administrators and developers to use editors and other tools which create temporary or backup copies of files. If the file extensions or access control permissions change, an attacker may be able to read source or configuration data.
Probable Recommendations

· Validate file paths and names to avoid canonicalization bugs: canonicalize the file name by using the System.IO.Path.GetFullPath method, and only then check that the result lies under the intended directory.

· Use proper file permissions to ensure that only authorized users can access sensitive files.

· Filter any user input. Ideally remove everything but the known good data and filter meta-characters from the user input.

· Prefer working without user input when using file system calls.

· Manually review web directory contents for unnecessary files which could be discovered by an attacker, such as documentation, template and example files, which could be used by an attacker to identify attackable surface area.
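The canonicalize-then-check recommendation above, written out as an added C# example (not code from the original post): the user-supplied name is combined with the web root, collapsed with System.IO.Path.GetFullPath, and accepted only if the canonical result still starts with the canonical root. The root directory and the sample inputs are constructed for illustration.

```csharp
using System;
using System.IO;
using System.Runtime.InteropServices;

public static class SafeFileAccess
{
    // Returns the canonical absolute path if it lies inside webRoot, otherwise null.
    public static string ResolveUnderRoot(string webRoot, string userInput)
    {
        if (string.IsNullOrWhiteSpace(userInput))
            return null;

        // Canonicalize the root once and force a trailing separator so that
        // "C:\site\wwwroot" does not also match a sibling such as "C:\site\wwwroot2".
        string root = Path.GetFullPath(webRoot);
        if (!root.EndsWith(Path.DirectorySeparatorChar.ToString()))
            root += Path.DirectorySeparatorChar;

        // Path.Combine returns userInput unchanged when it is absolute, and GetFullPath
        // collapses "..", "." and mixed separators; the prefix check below rejects both
        // traversal sequences and absolute paths that escape the root.
        string candidate = Path.GetFullPath(Path.Combine(root, userInput));

        // Windows file names are case-insensitive; other platforms are compared exactly.
        StringComparison cmp = RuntimeInformation.IsOSPlatform(OSPlatform.Windows)
            ? StringComparison.OrdinalIgnoreCase
            : StringComparison.Ordinal;

        return candidate.StartsWith(root, cmp) ? candidate : null;
    }

    public static void Main()
    {
        // Constructed sample root; it does not need to exist for the path check.
        string webRoot = Path.Combine(Path.GetTempPath(), "wwwroot");

        string[] samples = { "images/logo.png", "../web.config", "../../etc/passwd", "/etc/passwd" };
        foreach (string input in samples)
        {
            string resolved = ResolveUnderRoot(webRoot, input);
            Console.WriteLine($"{input,-20} -> {resolved ?? "REJECTED"}");
        }
    }
}
```

Only the first sample resolves to a path under wwwroot; the "../" inputs and the absolute path are rejected after canonicalization.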