Absolute Path Traversal


 * 1) REDIRECT Path Traversal

Last revision (mm/dd/yy): //

Description
If a product expects a filename as input it is possible that it can construct an absolute path such as "/rootdir/subdir," which is then processed by the operating system to access a file or resource that is outside of a restricted path that was intended by the developer.

This is similar to path traversal but uses only "/" and not ".." to gain access. More detailed information can be found on Path_Traversal

How does the attack work?

 * The following URLs maybe are vulnerable to this attack:

http://testsite.com/get.php?f=list http://testsite.com/get.cgi?f=2 http://testsite.com/get.asp?f=test


 * A simple way to execute this attack is like this:

http://testsite.com/get.php?f=/var/www/html/get.php http://testsite.com/get.cgi?f=/var/www/html/admin/get.inc http://testsite.com/get.asp?f=/etc/passwd


 * When the web server returns information about errors in a web application, it is much easier for the attacker to guess the correct locations (e.g. path to the file with a source code, which then may be displayed).

Related Attacks

 * Path Manipulation
 * Path Traversal
 * Resource Injection

Related Vulnerabilities

 * Category:Input Validation Vulnerability

Related Controls

 * Category:Input Validation