Directory Browsing – Web Application Security Part 8


In a digitally dominated world, an online presence is no longer optional for individuals and organizations. Exposing your business to the digital world, however, brings website security risks with it. This is why continuous monitoring and hardening of your web applications is essential to keep confidential information from being exposed.

In our previous web application security blogs, we covered Open Redirect Vulnerability, Cross-Site Tampering, SQL Injection, Insecure Direct Object Reference (IDOR) and more. In this post, we focus on directory traversal attacks and how to prevent them.

What is directory traversal?

Directory traversal is a web application security vulnerability that lets unauthorized users read files from folders or directories they would otherwise be forbidden to access. According to the Acunetix Web Application Vulnerability Report 2019, 46% of websites contained high severity vulnerabilities and 87% of websites contained medium severity vulnerabilities.

Web servers and web applications store critical information, such as credentials, backups, access tokens, and operating system files, which can be exposed if a traversal flaw is exploited. Web servers rely on two layers of protection for stored data: access control lists (ACLs) and the document root. Administrators use ACLs to define which users or groups may read, write or execute particular files. The document root (web root) is the directory under which everything the server is meant to publish resides; anything outside it is supposed to be unreachable from the web. Attackers exploit web server software vulnerabilities or application flaws, using nothing more than a browser and some guesswork, to read arbitrary files outside that root.

The goal behind directory traversal attacks

According to Positive Technologies, cyber attacks aimed at obtaining confidential data were a major threat to 68% of web applications. With directory traversal attacks, hackers manipulate web applications into serving restricted data from folders outside the web root. These are internal server files that are not meant to be reachable by users. A successful attempt can expose critical data, such as path names, file names, credentials, and server configuration, to anonymous attackers. Depending on what is exposed, attackers may go on to execute malicious commands, modify data, or compromise the entire web server.

The different names of a directory traversal attack

A directory traversal attack is also commonly referred to as a path traversal or dot-dot-slash (../) attack, after the special characters it relies on. The “../” sequence tells the file system (or a browser resolving a relative URL) to move up one level to the parent directory. For example, the path “x/y/z/../” resolves to “x/y/”, which lets you reach files in other folders without spelling out the full path.

Consider the web directory structure shown below. A relative link can be used from index.html to any folder under the web root (home_html in this case). To link from hobbies.html, which sits one level down, back to index.html, the link must tell the browser to go up one directory level to home_html to find the file. The relative link is written: a href=“../index.html”.

(Figure: Simplified example of a web directory structure.)

How does a directory traversal attack work?

Directory traversal attacks are easy to carry out when the web application code or the web server configuration is flawed. Let’s look at an example of PHP code that is vulnerable to path traversal.

In this case, an attacker can manipulate the file name passed to the web application with “../” sequences so that it reveals the contents of the /etc/passwd system file. Likewise, attackers can exploit path traversal vulnerabilities to gain access to credentials, modify files, or take complete control of the compromised web server.

(Figure: Simplified example of how a directory traversal attack works.)

Detection of directory traversal vulnerabilities

Directory traversal vulnerabilities are easy to catch during development when security is treated as a first-class concern. Web vulnerability scanners are very effective at detecting path traversal flaws: they crawl the entire site and automatically probe each input for them. You can also use code analysis tools, such as Raxis and RIPS Technologies, to find the flaw before the software goes live. Once the web application is deployed, penetration tests can uncover what the scanners missed. Another method is fuzzing (fuzz testing), which feeds many malformed inputs to each parameter to see whether any of them make the application misbehave. Visit OWASP to learn more about testing for directory traversal.

Preventing directory traversal attacks

Directory traversal attacks can be prevented by running the latest web server software and keeping the server well maintained and patched. Another important step is to use access control lists wisely and to make sure the server process itself runs with only the file system rights it needs, so that even a successful traversal cannot read sensitive files. You can further reduce the risk by validating user-supplied input: never build a file system path directly from a request parameter; instead, canonicalise the resulting path and confirm it still lies inside the intended directory, or map the parameter onto an allow-list of known files.

Maintain business continuity in the event of a cybersecurity incident

While directory traversal attacks are among the simplest attacks to carry out, they can have a disastrous impact on your business, especially if personal and financial data records are leaked.
