
Directory Traversal attack

OWASP

OWASP Web Security Testing Guide 4.2 > 5. Authorization Testing > 5.1. Testing Directory Traversal File Include

ID: 5.1
Link to Hackinglife: WSTG-ATHZ-01
Link to OWASP: Testing Directory Traversal File Include
Description:
- Identify injection points that pertain to path traversal.
- Assess bypassing techniques and identify the extent of path traversal (dot-dot-slash attack, Local/Remote file inclusion).
Resources

Directory traversal vulnerabilities, also known as path traversal or directory climbing vulnerabilities, occur when a web application allows unauthorized access to files and directories outside the directory structure it is meant to expose. If not mitigated, they can lead to serious data breaches and system compromise.

Directory traversal vulnerabilities typically arise from improper handling of user input that is used to build file or directory paths. That input may come from URL parameters, user-generated content, or other sources. An attacker takes advantage of lax input validation or insufficient sanitization by adding special characters or sequences to the input that make the application navigate to directories it should not be able to reach.
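The pattern described above, shown as an added example that is not part of the original page: a resolver that checks the raw parameter for `../` and only then URL-decodes and joins it (the "before"), next to a hardened resolver that decodes first, canonicalizes with `os.path.realpath`, and requires the result to stay under the served directory. The function names, the temporary directory and the two sample parameters are constructed for the demonstration.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_vulnerable(base_dir: str, raw_param: str) -> str:
    """'Before' pattern: the filter inspects the still URL-encoded value,
    then the value is decoded and joined. The filter never sees '../'."""
    if "../" in raw_param:
        raise ValueError("rejected by filter")
    decoded = unquote(raw_param)  # decoding happens after the check
    return os.path.normpath(os.path.join(base_dir, decoded))


def resolve_safe(base_dir: str, raw_param: str) -> str:
    """Hardened pattern: decode first, canonicalize with realpath (resolves
    '..', repeated separators and symlinks), then require the result to stay
    under base_dir. Separator handling follows the host OS: on POSIX a
    backslash is an ordinary filename character, on Windows it is a separator,
    and os.path applies the rule of the platform it runs on."""
    base_real = os.path.realpath(base_dir)
    decoded = unquote(raw_param)
    candidate = os.path.realpath(os.path.join(base_real, decoded))
    if os.path.commonpath([base_real, candidate]) != base_real:
        raise ValueError("path escapes the base directory")
    return candidate


def escapes_base(base_dir: str, path: str) -> bool:
    """True when 'path' resolves outside base_dir."""
    base_real = os.path.realpath(base_dir)
    return os.path.commonpath([base_real, os.path.realpath(path)]) != base_real


def run_demo() -> dict:
    """Constructed inputs: one legitimate file name and one URL-encoded
    traversal taken from the encoding list on this page. Returns what each
    resolver did so the behaviour can be checked without a web server."""
    benign = "reports%2Fq1.txt"
    encoded_traversal = "..%2f..%2fetc%2fpasswd"
    results = {}
    with tempfile.TemporaryDirectory() as base_dir:  # stands in for the served directory
        results["vulnerable_escapes"] = escapes_base(
            base_dir, resolve_vulnerable(base_dir, encoded_traversal)
        )
        results["safe_allows_benign"] = resolve_safe(base_dir, benign) == os.path.join(
            os.path.realpath(base_dir), "reports", "q1.txt"
        )
        try:
            resolve_safe(base_dir, encoded_traversal)
            results["safe_rejects_traversal"] = False
        except ValueError:
            results["safe_rejects_traversal"] = True
    return results


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

The containment check compares canonical paths rather than searching the input for forbidden substrings, so it does not depend on which encodings the filter author remembered to list.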

Before testing

Each operating system uses different characters as path separators:

Unix-like OS:

root directory: "/"
directory separator: "/"

Windows OS shell:

root directory: "<drive letter>:\"
directory separator: "\" or "/"

Classic Mac OS:

root directory: "<drive letter>:"
directory separator: ":"

Basic exploitation

We can use the .. sequence to move to the parent directory; the following strings are several encodings of it that can help bypass a poorly implemented filter.

# Plain forms
../
..\
..\/

#####
# URL encoding and double URL encoding
#####

# ../
%2e%2e%2f
%2e%2e/
..%2f

# ..\
%2e%2e%5c
%2e%2e\
..%5c
%252e%252e%255c

# Other encodings of ../ and ..\ : double URL encoding, overlong UTF-8, 16-bit Unicode (%u)
%252e%252e%252f
%c0%ae%c0%ae%c0%af
%uff0e%uff0e%u2215
%uff0e%uff0e%u2216
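As an added example (not from the original page), the normalizer below shows why a filter that matches the literal strings `../` and `..\` misses most of the list above, and what a detection or WAF rule has to do first: decode the non-standard `%uXXXX` form, percent-decode in bounded repeated rounds (double encoding), accept the overlong two-byte UTF-8 forms such as `%c0%ae`, and fold the look-alike code points onto their ASCII counterparts. The decoding order and the confusable mapping model how lenient server stacks have behaved and are assumptions of the example; the payload list is a constructed copy of the one on this page.

```python
import re
from urllib.parse import unquote_to_bytes

# Constructed copy of the encoding list on this page, used as sample input.
PAYLOADS = [
    "../", "..\\", "..\\/",
    "%2e%2e%2f", "%2e%2e/", "..%2f",
    "%2e%2e%5c", "%2e%2e\\", "..%5c", "%252e%252e%255c",
    "%252e%252e%252f", "%c0%ae%c0%ae%c0%af",
    "%uff0e%uff0e%u2215", "%uff0e%uff0e%u2216",
]

# Look-alike code points folded onto path characters (assumption: the
# decoder being modelled treats them as their ASCII counterparts).
CONFUSABLES = {
    "\uff0e": ".",   # FULLWIDTH FULL STOP   (%uff0e)
    "\u2215": "/",   # DIVISION SLASH        (%u2215)
    "\u2216": "\\",  # SET MINUS             (%u2216)
}

_U_ESCAPE = re.compile(r"%u([0-9a-fA-F]{4})")


def decode_u_escapes(s: str) -> str:
    """Decode the non-standard %uXXXX form into the code point it names."""
    return _U_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), s)


def lenient_utf8(data: bytes) -> str:
    """Strict UTF-8 when possible; otherwise accept overlong two-byte forms
    such as C0 AE ('.') and C0 AF ('/') that a strict decoder rejects."""
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError:
        pass
    out, i = [], 0
    while i < len(data):
        b = data[i]
        if b < 0x80:
            out.append(chr(b))
            i += 1
        elif 0xC0 <= b <= 0xDF and i + 1 < len(data) and 0x80 <= data[i + 1] <= 0xBF:
            out.append(chr(((b & 0x1F) << 6) | (data[i + 1] & 0x3F)))
            i += 2
        else:
            out.append("\ufffd")  # anything else: replacement character
            i += 1
    return "".join(out)


def normalize(raw: str, max_rounds: int = 3) -> str:
    """Apply %u, percent and UTF-8 decoding plus confusable folding until the
    value stops changing. Bounded rounds cover double encoding without
    looping forever on adversarial input."""
    s = raw
    for _ in range(max_rounds):
        step = decode_u_escapes(s)
        step = lenient_utf8(unquote_to_bytes(step))
        step = "".join(CONFUSABLES.get(ch, ch) for ch in step)
        if step == s:
            break
        s = step
    return s


def naive_filter_flags(value: str) -> bool:
    """Filter that only matches literal dot-dot-slash sequences."""
    return "../" in value or "..\\" in value


def normalized_filter_flags(raw: str) -> bool:
    """Same match, but run on the normalized value."""
    return naive_filter_flags(normalize(raw))


def missed_by_naive_filter() -> list:
    """Payloads the literal filter lets through but normalization flags."""
    return [p for p in PAYLOADS if not naive_filter_flags(p) and normalized_filter_flags(p)]


if __name__ == "__main__":
    for p in PAYLOADS:
        print(f"{p!r:28} -> {normalize(p)!r:8} "
              f"naive={naive_filter_flags(p)} normalized={normalized_filter_flags(p)}")
```

Only the three plain forms trip the literal filter; every other entry in the list decodes to `../` or `..\` after normalization. Matching after normalization is a detection aid, not a substitute for the canonical-path containment check on the file-serving side.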

Interesting files

Interesting Windows files
Interesting Linux files

Tools and payloads

Last update: 2024-04-04
Created: January 18, 2023 20:02:39