
Monday, August 21, 2017

Facebook page Takeover

Insecure direct object reference vulnerability in Facebook Business Manager
A path traversal attack (also known as directory traversal) aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences and their variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration files and critical system files. This attack is also known as “dot-dot-slash”, “directory traversal”, and “directory climbing and backtracking”.
Probable Root Cause:
·      Incorrectly set file permissions.
·      Index-able directories allow an attacker to easily discover the existence of content on your web server that should remain private.
·      Temporary files, if exposed to unauthorized users, may expose private and confidential information, or allow an attacker to become an authorized user, depending on the level of vulnerability.
·      It is common for system administrators and developers to use editors and other tools which create temporary or old files. If the file extensions or access control permissions change, an attacker may be able to read source or configuration data.

Possible Recommendations:
·      Validate file paths and names to avoid canonicalization bugs; canonicalize the file name, for example with the System.IO.Path.GetFullPath method in .NET.
·      Use proper file permissions to ensure that only authorized users can access sensitive files.
·      Filter any user input. Ideally remove everything but the known good data and filter meta-characters from the user input.
·      Prefer working without user input when using file system calls.
·      Manually review web directory contents for unnecessary files which could be discovered by an attacker, such as documentation, template and example files, which could be used to identify attackable surface area.
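As an added example (not from the original post and not Facebook's code), the following Python puts the naive path-joining pattern that makes traversal possible next to a hardened resolver that applies the recommendations above: an allowlist filter on the input, rejection of absolute paths, and canonicalization before a containment check. The post names System.IO.Path.GetFullPath; this example uses os.path.realpath as its Python analogue. The document root, the file inside it and the request strings are constructed sample data.

```python
import os
import tempfile
from typing import Dict, Optional

# Allowlist for a user-supplied relative path (the "keep only known good data"
# recommendation). Anything else - NUL bytes, backslashes, '%' left over from
# double encoding, spaces - is refused before any file-system call is made.
_ALLOWED = set("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._-/")


def vulnerable_path(root: str, user_path: str) -> str:
    """The pattern that enables traversal: root + untrusted input, unchecked.

    '../' segments pass straight through, and an absolute user_path makes
    os.path.join discard root entirely.
    """
    return os.path.join(root, user_path)


def resolve_under_root(root: str, user_path: str) -> Optional[str]:
    """Return the canonical path of user_path inside root, or None to refuse.

    os.path.realpath (the Python analogue of System.IO.Path.GetFullPath)
    collapses '.' and '..' segments and resolves symlinks, so the containment
    check compares real locations rather than the spelling of the request.
    """
    if not user_path or any(ch not in _ALLOWED for ch in user_path):
        return None                      # fails the allowlist
    if os.path.isabs(user_path):
        return None                      # never accept absolute paths
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, user_path))
    # commonpath avoids the string-prefix pitfall (/srv/app vs /srv/app2).
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None                      # escaped the document root
    if candidate == real_root:
        return None                      # the root directory itself is not a file
    return candidate


def build_demo_root() -> str:
    """Create a throwaway document root holding one legitimate file (constructed)."""
    root = tempfile.mkdtemp(prefix="docroot-")
    os.makedirs(os.path.join(root, "reports"))
    with open(os.path.join(root, "reports", "q1.txt"), "w") as fh:
        fh.write("quarterly report\n")
    return root


# Constructed request strings covering the variants the post mentions.
SAMPLE_REQUESTS = [
    "reports/q1.txt",            # legitimate
    "../../etc/passwd",          # classic dot-dot-slash
    "reports/../../secret",      # traversal behind a valid-looking prefix
    "/etc/passwd",               # absolute path: os.path.join would drop root
    "reports/q1.txt\x00.jpg",    # NUL byte aimed at extension checks
    "..\\..\\windows\\win.ini",  # backslash variant
    ".",                         # the root directory itself
]


def classify(root: str) -> Dict[str, bool]:
    """Map each sample request to whether the hardened resolver accepts it."""
    return {req: resolve_under_root(root, req) is not None for req in SAMPLE_REQUESTS}


if __name__ == "__main__":
    demo_root = build_demo_root()
    for req, ok in classify(demo_root).items():
        print(f"{'ALLOW ' if ok else 'REJECT'} {req!r}")
    print("naive join of /etc/passwd ->", vulnerable_path(demo_root, "/etc/passwd"))
```

Only the first request is accepted; the others are refused by the allowlist, the absolute-path check, or the post-canonicalization containment check. The same structure applies to any language: filter, canonicalize, then compare real paths, never string prefixes of the raw request.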

