Directory Traversal Overview

Directory Traversal vulnerabilities occur once again when the user supplied input is not validated. You think we would get tired of saying this, but it appears this is a very common problem with software. A directory traversal exploit typically occurs when the following types of characters are not checked for correctly: . / \
Take for example a url like the following

www.yoursite.com/openfile.php?filename=myfile.txt

This php page is referencing a myfile.txt which it is going to output to the current html page. Seems like this shouldn’t be a problem. Except if you are a malicious user. A malicious user would look at this url and instantly an idea would come into his/her head. What if instead of myfile.txt is placed, a ./myfile.txt is inputted directly. Well you would think that should work it’s just referencing the same local file, but the problem is the ./ If a ./ is accepted what about a ../ or maybe a ../../
If you are thinking correctly you remember that the ../ references one directory below the current directory. Now taking this into concept and beforing a bit more, a malicious user could input something similar to a ../../system32/cmd.exe which would call the cmd.exe applications within the windows web server. This will have dangerous potential and is a huge security violation.
URLEncoded and other Unicode Variations

Protecting just against the . / and \ is not enough. Malicious users are a smart bunch. They will use URLEncoding and other variations of Unicode to bypass your checking and validation attempts.
How to protect against Directory Traversal attacks

To protect against directory traversal attacks, the developer will need to validate the input correctly against a white list. Now you can’t just say no . is allowed, because maybe in this case you might want to allow a . It would be best to use a regular expression to verity the filename passed in. A regular expression can be created to accept only an alpha-numeric filename followed by a . then a three character filename. This would provide some additional protection against the directory traversal attack.

Unfortunately we still need to go another step further. To protect against URLEncoded and Unicode variation attacks you will need to use a URLDecoded function and unicode converter to verify that you are working only with the ASCII set of characters.

Explore More

Download Execution with Java

This tutorial will show you how to use java applets within your website which automatically download and execute your malware onto the visitor’s computer. Some people may of heard about

What are worms?

Worms are programs that replicate themselves from one system to another without using a host file. Although in most cases worms exist inside files, such as Word or Excel documents,

Critical SQL Injection in mail4U is a production of Bagan Cybertech

PlanetCreator has reported another critical SQL Injection (vulnerability) on mail4U is a production of Bagan Cybertech http://www.mail4u.com.mm/ SQL injection is a code injection technique that exploits a security vulnerability occurring