Path Traversal

Path Traversal Attacks

Path traversal attacks, also known as directory traversal attacks, occur when an attacker exploits vulnerabilities in a web application to access files and directories that are stored outside the web root folder.

By manipulating variables that reference files with ".." (dot-dot slash sequences), an attacker can read, modify, or delete sensitive files on the server, leading to unauthorized access or system compromise.

Prevention

• Input Validation: Validate and sanitize all user inputs, rejecting suspicious patterns.

• Use of Safelists: Employ safelists for file access and operations, restricting the files that can be accessed.

• Least Privilege: Ensure the web server process runs with the minimal privileges necessary.

• Updated Libraries: Keep all server software and libraries updated to mitigate known vulnerabilities.

How Path Traversal Attacks Work

At the core of a path traversal attack is the exploitation of the security mechanism that restricts web users to a certain directory—the web root directory. Attackers manipulate variables that reference filesystem paths, using sequences like ../ (dot-dot slash), aiming to break out of this designated directory.

For instance, if an application uses unvalidated external inputs to construct file paths, an attacker could craft a request that, instead of accessing intended files (e.g., webapp/resources/images/logo.png), accesses sensitive files elsewhere on the server (e.g., ../../etc/passwd).

This kind of attack leverages the fact that ../ is interpreted by the filesystem as a command to move up one directory.

Therefore, by repeatedly inserting ../ into file paths, attackers can traverse upward through the directory structure (a technique often called "dot-dot-slash attack") to reach critical system files or other confidential information, far beyond the intended confines of the web application.