Directory Traversal Overview

Directory traversal vulnerabilities occur, once again, when user-supplied input is not validated. You would think we would get tired of saying this, but it is a very common problem in software. A directory traversal exploit typically occurs when the following characters are not checked for correctly: . / \

Take, for example, a URL like the following:

www.yoursite.com/openfile.php?filename=myfile.txt

This PHP page references myfile.txt, which it is going to output to the current HTML page. That seems like it shouldn't be a problem, unless you are a malicious user. A malicious user would look at this URL and instantly get an idea: what if, instead of myfile.txt, ./myfile.txt is entered directly? You would think that should work, since it just references the same local file, but the problem is the ./ itself. If ./ is accepted, what about ../ or maybe ../../?

If you are thinking along the right lines, you will remember that ../ references the directory one level above the current directory. Taking this concept a bit further, a malicious user could input something like ../../system32/cmd.exe, which would call the cmd.exe application on the Windows web server. This has dangerous potential and is a huge security violation.

URLEncoded and other Unicode Variations

Protecting against just . / and \ is not enough. Malicious users are a smart bunch. They will use URL encoding and other Unicode variations to bypass your checking and validation attempts.

How to protect against Directory Traversal attacks

To protect against directory traversal attacks, the developer needs to validate the input against a whitelist. You can't just say that no . is allowed, because in this case you might want to allow one. It is best to use a regular expression to verify the filename passed in. A regular expression can be created to accept only an alphanumeric filename followed by a . and then a three-character file extension. This provides some additional protection against directory traversal attacks.

Unfortunately, we still need to go a step further. To protect against URL-encoded and Unicode variation attacks, you need to use a URL-decode function and a Unicode converter to verify that you are working only with the ASCII set of characters.
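
The two steps above (decode, then whitelist) combined into one check for the openfile.php case, as an added example that is not code from the original page. BASE_DIR, MAX_DECODE_ROUNDS and safe_filename() are hypothetical names, and the alphanumeric extension and five-round decode cap are assumptions.

```php
<?php
// Added example; BASE_DIR and safe_filename() are hypothetical names.
const BASE_DIR = '/var/www/files';   // assumed directory holding servable files
const MAX_DECODE_ROUNDS = 5;         // assumed cap on nested URL-encoding

// Returns the path to open, or null when the input must be rejected.
function safe_filename(string $input): ?string
{
    // 1. URL-decode until the value stops changing, so double-encoded
    //    input is checked in its final form.
    $name = $input;
    for ($round = 0; $round < MAX_DECODE_ROUNDS; $round++) {
        $decoded = rawurldecode($name);
        if ($decoded === $name) {
            break;
        }
        $name = $decoded;
    }
    if (rawurldecode($name) !== $name) {
        return null;                 // still encoded after the cap
    }

    // 2. Reject any byte outside printable ASCII. This stops overlong or
    //    multi-byte encodings of . / \ before the whitelist is applied.
    if (preg_match('/[^\x20-\x7E]/', $name) === 1) {
        return null;
    }

    // 3. Whitelist: alphanumeric name, one dot, three-character extension.
    //    \A and \z anchor the whole string, so a trailing newline fails.
    if (preg_match('/\A[A-Za-z0-9]+\.[A-Za-z0-9]{3}\z/', $name) !== 1) {
        return null;
    }
    return BASE_DIR . '/' . $name;
}

// Constructed sample inputs, including the values discussed on this page.
$samples = [
    'myfile.txt',
    './myfile.txt',
    '../../system32/cmd.exe',
    '..%2f..%2fsystem32%2fcmd.exe',
    '%252e%252e%252fmyfile.txt',
    '..%c0%afmyfile.txt',
];
foreach ($samples as $sample) {
    printf("%-30s => %s\n", $sample, safe_filename($sample) ?? 'REJECTED');
}
```

PHP has already URL-decoded values in $_GET once, so the extra decode rounds here are what catch double-encoded input.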
