Directory Traversal Defined
Directory Traversal (DT) is a HTTP exploit that malicious hackers use in order to gain access to account directories and the data contained within. A successful exploit can result in the entire web server being compromised, including access to directories that are used to control access to restricted areas. For example, the Root Directory is the top-level directory on the server’s file system. Directory Traversal can be used to gain unauthorized access to this sensitive directory. However, Access Control Lists (ACLs) can be used to control and manage user access for viewing, modifying and executing files.
This vulnerability occurs when browser input is not properly validated, thus allowing malicious attackers to gain access to privileged areas. The Directory Traversal vulnerability can be found in multiple coding languages including Perl, PHP, Apache, Python, ColdFusion and others.
How the DT exploit works
There are two main types of DT vulnerabilities – web server vulnerabilities and application code vulnerabilities.
- Web server: This type of attack typically targets the execution of files. A customized URL containing the name of the target file is sent to the web server along with specific escape codes and other malicious commands. These escape codes allow the attacker to bypass filtering software which results in unauthorized execution of the target file.
- Application code: This exploit is performed when an attacker sends a customized URL to the web server that commands the server to return specific files to the application. But first, the attacker must discover the correct URL that commands the application to retrieve the file from the web server. Once the URL has been discovered, it is modified with the name of the target file for the purpose of maliciously executing it.
How to prevent DT exploits
Proper methods of input validation should be implemented to defend against DT vulnerabilities. Once all input commands are validated, malicious attackers have no way to access the aforementioned Root Directory, nor can they execute any restricted files. Filters can also be used to further restrict commands and user input. These filters typically block escape codes and other malicious commands that are typically used by attackers to bypass filters and other restrictions. All software should be kept up-to-date by installing patches and security updates on time.
See Directory Traversal Cheat Sheet, Attack Examples & Protection at Vulnerability Knowledge Base.