A directory traversal attack allows an attacker to move outside the web server's document directories and into other parts of the underlying file system. Once an attacker can leave the web root directory, the attacker can read any file that the web server process itself is permitted to read, which typically means files the attacker's own account was never meant to see. This may lead to a bypass of other security controls and, where the same weakness also lets the attacker write or include files, may allow the attacker to execute commands on the web server itself.
For this to work, an attacker will attempt to take advantage of errors or weaknesses in one of two areas:
- Access Control Lists (ACLs), which are in place to control which users and groups are allowed to access which files and directories, as well as what level of interaction is allowed for each user.
- The root directory, which is the directory on the web server to which users are specifically restricted. This is the highest-level folder they are normally allowed to access while using the web application. The root directory acts as the top directory in the web site hierarchy and is meant to prevent users from accessing sensitive information on the web server, such as private keys and password files.
Common targets of this kind of attack are default files and directories, meaning files that are expected to be present at well-known locations (for example /etc/passwd on a Unix host, or a web server's default configuration files). This matters because the attacker may not be able to see directory listings but can still request these files by name through the web application or the server itself. The success rate of this attack depends heavily on the configuration of the web site and the web server. The location of default files varies between products, but more often than not these files can be found in the same place, since default installation directories are seldom changed during an installation. Executing this kind of attack may require no tools other than whatever browser the attacker has at their disposal.
A few very obvious but very important countermeasures include the following:
- Running modern web server software and ensuring that up-to-date patches are installed.
- Enabling filtering and validation of user input to the web server. Modern web server software includes the ability to reject malformed requests and encoded traversal sequences. The check that actually matters is to decode and canonicalise the requested path and then verify that it still lies under the web root; simply blacklisting the string "../" is bypassed by URL encoding, double encoding and similar variants.
- Assume every piece of data from the client may be altered or tampered with, even though the web application does not give the user this option. Even headers and form data from a drop-down menu may be altered by a malicious user.
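The following is an added example, not code from the original page: a Python model of the URL-to-file mapping step that the attack described above targets and that the countermeasures are meant to protect. The web root, the request paths and both resolver functions are constructed for illustration and are not taken from any real server. `resolve_vulnerable` joins the decoded URL path straight onto the document root the way a careless handler would, so `..` segments walk out of the root; `resolve_safe` applies the validation the list above calls for: decode once, reject NUL bytes, normalise, and confirm the result still lies under the root, including the trailing separator so that a sibling directory whose name merely starts with the root's name is not accepted. The `decode_passes=2` variant shows why double-encoded `%252e%252e` payloads only work against servers that decode a second time after routing.

```python
import posixpath
from urllib.parse import unquote

# Constructed document root for this example (assumption; a real server uses
# its configured DocumentRoot or equivalent).
WEB_ROOT = "/var/www/html"

# Constructed request paths, labelled by what each one tries to do. These are
# illustrative payloads, not requests captured from any real server.
REQUESTS = {
    "legitimate":      "/images/logo.png",
    "plain traversal": "/../../../etc/passwd",
    "encoded dots":    "/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    "encoded slashes": "/..%2f..%2f..%2fetc/passwd",
    "double encoded":  "/%252e%252e/%252e%252e/%252e%252e/etc/passwd",
    "sibling prefix":  "/../html_backup/config.php",
    "null byte":       "/etc/passwd%00.png",
}


def resolve_vulnerable(web_root, request_path, decode_passes=1):
    """Naive URL-to-file mapping: decode, then join the path onto the web root.

    Nothing checks whether the result is still under web_root, so '..'
    segments walk out of it. decode_passes > 1 models a server that decodes
    the path a second time after routing, which is what double-encoded
    payloads rely on.
    """
    decoded = request_path
    for _ in range(decode_passes):
        decoded = unquote(decoded)
    # lstrip('/') keeps an absolute request path from replacing the root.
    return posixpath.normpath(posixpath.join(web_root, decoded.lstrip("/")))


def resolve_safe(web_root, request_path):
    """Hardened mapping: decode once, normalise, then verify containment.

    Returns the absolute file path to serve, or None if the request must be
    refused. Single decoding means '%252e' becomes the literal text '%2e',
    which is just an odd file name, not a traversal.
    """
    decoded = unquote(request_path)
    # A NUL byte truncates the path inside C-based servers and libraries;
    # refuse it outright rather than reasoning about what comes after it.
    if "\x00" in decoded:
        return None
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    # The separator matters: "/var/www/html_backup/x" starts with
    # "/var/www/html" but is not inside it.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def compare(web_root=WEB_ROOT, requests=REQUESTS):
    """Run every request through both resolvers.

    Returns {label: (naive, naive_with_double_decode, safe)} so the effect of
    each payload can be inspected or asserted on.
    """
    results = {}
    for label, path in requests.items():
        results[label] = (
            resolve_vulnerable(web_root, path),
            resolve_vulnerable(web_root, path, decode_passes=2),
            resolve_safe(web_root, path),
        )
    return results


if __name__ == "__main__":
    for label, (naive, naive2, safe) in compare().items():
        print(f"{label:16} naive={naive!r}")
        print(f"{'':16} naive, decoded twice={naive2!r}")
        print(f"{'':16} safe={safe!r}")
```

On a real server the containment check should be applied to the path after symlinks are resolved (for example with `os.path.realpath`) so that a link inside the document root cannot point outside it; `posixpath.normpath` is used here only so the example runs identically without touching the file system.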