 |
|
Absolute Path
Traversal
|
| |
If a product expects a filename as input it is possible that
it can construct an absolute path such as "/rootdir/subdir,"
which is then processed by the operating system to access a file
or resource that is outside of a restricted path that was
intended by the developer.
This is similar to path traversal but uses only "/" and not ".."
to gain access. More detailed information can be found on
Path_Traversal
The following URLs maybe are vulnerable to this attack:
http://testsite.com/get.php?f=list
http://testsite.com/get.cgi?f=2
http://testsite.com/get.asp?f=test
A simple way to execute this attack is like this:
http://testsite.com/get.php?f=/var/www/html/get.php
http://testsite.com/get.cgi?f=/var/www/html/admin/get.inc
http://testsite.com/get.asp?f=/etc/passwd
When the web server returns information about errors in a web
application, it is much easier for the attacker to guess the
correct locations (e.g. path to the file with a source code,
which then may be displayed). |
