Quick Overview: Path Traversal Vulnerability
Path Traversal vulnerability is an easy-to-find vulnerability in the web application. In OWASP Top 10 2021, it comes under A1: Broken Access Control. 94 percent of web applications have some form of broken access control, as mentioned by OWASP.
What is Path Traversal vulnerability?
Path Traversal vulnerability allows attackers to traverse the application to access restricted files/directories of the server. By exploiting this vulnerability, the attacker is able to access code, credentials of back-end servers, operating system files/libraries, etc.
Security Attributes attacked by Path Traversal vulnerability
- Confidentiality - An attacker is able to access sensitive files/directories by exploiting this vulnerability
- Integrity - An attacker is able to create or insert files, directories, programs, etc.
- Availability - An attacker may delete critical files, programs, libraries, etc. As a result, critical data may not be available to genuine users.
What are the other names for Path Traversal vulnerability?
- Directory Traversal vulnerability
- BackTracking
- Dot-Dot Slash
- Directory Climbing
How can we detect Path Traversal vulnerability?
This is simply achieved by using "./../../../.." for accessing files/directories via bypassing implemented security protection. An attacker is able to find those files/directories by just brute-forcing URL paths and getting sensitive information.
Examples of Path Traversal vulnerability
(1) Access restricted resources via manipulating URL
Suppose a web application is showing exam results of students by using the below URL schema:
https://test-website-url.com/loadResult?rollno=653748
Initially, the web application asked for authentication (username and password) before showing the result.
An attacker now just try to see the exam result of other students by just changing the roll number of the student as mentioned below.
https://test-website-url.com/loadResult?rollno=653745 https://test-website-url.com/loadResult?rollno=653746 https://test-website-url.com/loadResult?rollno=653747 https://test-website-url.com/loadResult?rollno=653744
If an attacker is able to access the exam results of another student, an application has path traversal vulnerability.
(2) Access restricted files via path traversal
Some web applications do not implement security mechanisms against traverse server files. The below example is showing how an attacker accesses a password file:
https://test-website-url.com/loadResult?file=../../../etc/passwd
Mitigation for Path Traversal vulnerability
- The most effective way to mitigate this vulnerability by not allowing user-supplied inputs. If it is not possible, validate the input of the user before supply to the application.
- Use only those inputs which are required (whitelisting) if possible.
- Avoid using blacklisting of inputs as it may be bypassed using crafting input.
- Use a standard vulnerability scanner before deploying the application in the production environment.
Subscribe us to receive more such articles updates in your email.
If you have any questions, feel free to ask in the comments section below. Nothing gives me greater joy than helping my readers!
Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.
