Taking a look into Directory Traversal

Yo! Wassup lads, wolf is back and today we be looking at some web hacking, directory traversal in particular.

Directory Traversal is a vuln where an application takes user input and uses it in a directory path. Any kind of path controlled by user input that isnt properly sanitized or sandboxed could be vuln to this attack.

Consider an application that allows the user to choose what page to load from a GET parameter, e.g. –

<?php
$page = $_GET[‘page’]; //index.php
include(“/var/www/html” . $page);
?>

But what if the user gave a different input, e.g.

<?php
$page = $_GET[‘page’]; // ../../../../../../etc/passwd
include(“/var/www/html” . $page);
?>

Then this would be a problem because then it will be forced to output the /etc/passwd file to the user and there they would have the contents. This vuln can be often used to leak sensitive data or extract source code to find more vulns etc.

 

I hope you enjoyed this short opening post on a little web hacking and stay tuned for more! Check out the other posts on this page for more hacking tips and tutorials!

See ya next time!

pentester

Leave a Reply