Directory Browsing – Web Application Security Part 8


In a digitally dominated world, having an online presence is no longer an option for individuals and organizations. However, exposing your business to the digital world comes with website security risks. This is why constant monitoring and securing of your website applications is essential to prevent confidential information from being exposed.

In our previous web application security blogs, we have covered Open Redirect Vulnerability, Cross-Site Tampering, SQL Injection, Insecure Direct Object Reference (IDOR) and more. In this blog, we’ll focus on directory traversal attacks and how you can prevent them from happening.

What is directory traversal?

Directory traversal is a web application security vulnerability that allows unauthorized users to access files from different folders or directories to which they would otherwise be denied access. According to the Acunetix Web Application Vulnerability Report 2019, 46% of websites contained high severity vulnerabilities and 87% of websites contained medium severity vulnerabilities.

Web servers and web applications store critical information, such as credentials, backups, access tokens, and operating system files, which could be easily exposed if vulnerabilities were exploited. Web servers use two levels of defense to protect stored data: access control lists (ACLs) and the root directory. Web site administrators use the ACL to authenticate users and define the rights granted to certain users or groups. The root directory, on the other hand, is the folder beneath which all other folders and files reside, and users are confined to it. Hackers exploit web server software vulnerabilities or application flaws, using nothing more than a web browser and guesswork, to gain access to arbitrary files.

The goal behind directory traversal attacks

According to Positive Technologies, cyber attacks to obtain confidential data were a major threat to 68% of web applications. With directory traversal attacks, hackers attempt to manipulate web applications to access restricted data from different folders outside of the web root folder. These files are internal server files that are not accessible to users. A successful attempt can expose critical data, such as path names, file names, credentials, and server configuration information, to anonymous hackers. Attackers can also execute malicious commands, modify data, or compromise the entire web server itself.

The different names of a directory traversal attack

A directory traversal attack is also commonly referred to as a path traversal, backtracking, or dot-dot-slash attack (../) because it relies on those special characters. The dot-dot-slash sequence “../” tells the browser (or the server) to go up one directory level. For example, the path “x/y/z/../” is equivalent to “x/y/”, which allows you to reach files in other folders without spelling out the full path.

Consider the web directory structure shown below. A relative link can be used from index.html to any folder under the root directory (home_html in this case). To create a link from hobbies.html back to index.html, the request must tell the browser to go up one directory level to home_html to find the file. The relative link is written: a href="../index.html".
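The mitigation the post alludes to is to resolve every client-supplied path against the web root and refuse anything that climbs above it. The following Python is an added example written for this post, not code from the original article; the web root path, the sample log lines and the function names are constructed assumptions.

```python
import posixpath
from typing import List, Optional
from urllib.parse import unquote

# Constructed web root for the example (assumption, not a real server path)
WEB_ROOT = "/var/www/home_html"


def resolve_in_root(requested: str, root: str = WEB_ROOT) -> Optional[str]:
    """Map a client-supplied path to an absolute path under root.

    Returns the resolved path if it stays inside root, otherwise None.
    Decoding happens before normalisation so that %2e%2e%2f (URL-encoded
    "../") is treated exactly like a literal "../".
    """
    root = root.rstrip("/")
    # Decode twice so a double-encoded sequence (%252e -> %2e -> .) is caught
    decoded = unquote(unquote(requested))
    # A NUL byte can truncate the path in C-based file APIs; reject outright
    if "\x00" in decoded:
        return None
    # Treat the request as relative to the web root, with backslashes
    # normalised so Windows-style separators cannot slip past the check
    relative = decoded.replace("\\", "/").lstrip("/")
    # normpath is purely lexical: "x/y/z/../" collapses to "x/y/" and any
    # "../" that escapes the root leaves a path that no longer starts with it
    # (symlinks inside the root are not resolved here; use realpath on a live
    # filesystem if they are a concern)
    candidate = posixpath.normpath(posixpath.join(root, relative))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


# Constructed sample access-log lines (not taken from any real server)
SAMPLE_LOG = [
    '10.0.0.5 - - "GET /index.html HTTP/1.1" 200',
    '10.0.0.7 - - "GET /hobbies/../index.html HTTP/1.1" 200',
    '10.0.0.9 - - "GET /%2e%2e/%2e%2e/config/credentials.txt HTTP/1.1" 404',
]


def flag_traversal(log_lines: List[str]) -> List[str]:
    """Return the request paths in the log that would escape the web root."""
    flagged = []
    for line in log_lines:
        path = line.split('"')[1].split(" ")[1]  # request target of the GET
        if resolve_in_root(path) is None:
            flagged.append(path)
    return flagged
```

The second request in the sample log contains "../" but still resolves inside home_html, so only the encoded request that climbs two levels above the root is flagged.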
