Directory Traversal Overview

Directory traversal vulnerabilities occur, once again, when user-supplied input is not validated. You would think we would get tired of saying this, but it appears to be a very common problem with software. A directory traversal exploit typically occurs when the following characters are not checked for correctly: . / \

Take for example a URL like the following:

www.yoursite.com/openfile.php?filename=myfile.txt

This PHP page references a file, myfile.txt, which it is going to output to the current HTML page. It seems like this shouldn’t be a problem, unless you are a malicious user. A malicious user would look at this URL and an idea would instantly come to mind: what if ./myfile.txt is entered instead of myfile.txt? You would think that should work, since it just references the same local file, but the problem is the ./ itself. If ./ is accepted, what about ../ or maybe ../../?

If you are thinking correctly, you remember that ../ references the directory one level above the current directory. Taking this concept a bit further, a malicious user could input something like ../../system32/cmd.exe, which would call the cmd.exe application on the Windows web server. This has dangerous potential and is a huge security violation.

URL-Encoded and Other Unicode Variations

Protecting against just . / and \ is not enough. Malicious users are a smart bunch. They will use URL encoding and other Unicode variations to bypass your checking and validation attempts.

How to Protect Against Directory Traversal Attacks

To protect against directory traversal attacks, the developer needs to validate the input against a whitelist. You can’t simply say that no . is allowed, because in this case you might want to allow one. It is best to use a regular expression to verify the filename passed in. A regular expression can be written to accept only an alphanumeric filename followed by a . and then a three-character file extension. This provides some additional protection against the directory traversal attack.

Unfortunately, we still need to go a step further. To protect against URL-encoded and Unicode variation attacks, you need to run the input through a URL-decoding function and a Unicode converter, and verify that you are working only with the ASCII set of characters.
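
The checks described above, as an added example in Python that is not part of the original article: decode, convert, then match the whitelist, plus one extra containment check on the resolved path. The base directory `/var/www/files`, the function names and the sample inputs are assumptions made for the illustration.

```python
import re
import unicodedata
from pathlib import Path
from urllib.parse import unquote

# Whitelist from the text: alphanumeric name, one dot, three-character extension.
FILENAME_RE = re.compile(r"[A-Za-z0-9]+\.[A-Za-z0-9]{3}")
BASE_DIR = Path("/var/www/files")  # assumed directory holding the served files


def canonicalize(raw: str, max_rounds: int = 5) -> str:
    """URL-decode until the value stops changing, then fold Unicode forms."""
    value = raw
    for _ in range(max_rounds):
        # errors="strict" raises ValueError on malformed UTF-8 byte sequences.
        decoded = unquote(value, errors="strict")
        if decoded == value:
            break
        value = decoded
    else:
        raise ValueError("too many layers of URL encoding")
    # NFKC maps compatibility characters (e.g. fullwidth forms) to plain ones.
    return unicodedata.normalize("NFKC", value)


def safe_path(raw: str) -> Path:
    """Return the path to serve, or raise ValueError if the name is rejected."""
    name = canonicalize(raw)
    if not name.isascii() or not FILENAME_RE.fullmatch(name):
        raise ValueError("filename not on the whitelist")
    path = (BASE_DIR / name).resolve()
    if path.parent != BASE_DIR.resolve():  # second check: stay inside BASE_DIR
        raise ValueError("path leaves the base directory")
    return path


def is_allowed(raw: str) -> bool:
    try:
        safe_path(raw)
        return True
    except ValueError:
        return False


# Constructed sample inputs for the filename parameter.
SAMPLES = ["myfile.txt", "./myfile.txt", "../../system32/cmd.exe",
           "..%2fmyfile.txt", "%252e%252e%252fmyfile.txt",
           "\uff0e\uff0e\uff0fmyfile.txt"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:40} {'allow' if is_allowed(s) else 'reject'}")
```

Only the first sample is allowed. The whitelist is applied after decoding and conversion, so an encoded form is judged by what it turns into, not by how it was written.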
