Directory Traversal Vulnerability

Directory Traversal Defined

Directory Traversal (DT) is an HTTP exploit that malicious hackers use to gain access to account directories and the data contained within. A successful exploit can result in the entire web server being compromised, including access to directories that are used to control access to restricted areas. For example, the Root Directory is the top-level directory on the server’s file system, and Directory Traversal can be used to gain unauthorized access to this sensitive directory. However, Access Control Lists (ACLs) can be used to control and manage user access for viewing, modifying and executing files.

This vulnerability occurs when browser input is not properly validated, allowing attackers to gain access to privileged areas. The Directory Traversal vulnerability can be found in multiple languages and platforms, including Perl, PHP, Apache, Python, ColdFusion and others.

How the DT exploit works

There are two main types of DT vulnerabilities – web server vulnerabilities and application code vulnerabilities.

  • Web server: This type of attack typically targets the execution of files. A customized URL containing the name of the target file is sent to the web server along with specific escape codes and other malicious commands. These escape codes allow the attacker to bypass filtering software, which results in unauthorized execution of the target file.
  • Application code: This exploit is performed when an attacker sends a customized URL to the web server that commands the server to return specific files to the application. But first, the attacker must discover the correct URL that commands the application to retrieve the file from the web server. Once the URL has been discovered, it is modified with the name of the target file for the purpose of maliciously executing it.

How to prevent DT exploits

Proper input validation should be implemented to defend against DT vulnerabilities. Once all input commands are validated, malicious attackers have no way to access the aforementioned Root Directory, nor can they execute any restricted files. Filters can also be used to further restrict commands and user input; they typically block the escape codes and other malicious commands that attackers use to bypass restrictions. All software should be kept up to date by installing patches and security updates on time.
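
One way to implement the validation described above, as an added example that is not code from the original article: decode the requested name, canonicalize it, and confirm the result still sits inside the directory being served. The function names, the decode limit and the /var/www/files base directory are assumptions made for illustration, and a POSIX file system is assumed.

```python
import os
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: anything nested deeper is refused outright


def naive_filter(requested):
    """Weak check shown for contrast: only looks for a literal '../'."""
    return "../" not in requested


def resolve_under(base_dir, requested):
    """Return the canonical path of `requested` if it stays inside
    base_dir, otherwise None. `requested` is the raw value from the URL."""
    decoded = requested
    for _ in range(MAX_DECODE_ROUNDS):
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    else:
        return None  # still changing after the last round: refuse

    if "\x00" in decoded:
        return None
    # Treat backslashes as separators so Windows-style input is caught too,
    # and treat a leading '/' as relative to the served directory.
    relative = decoded.replace("\\", "/").lstrip("/")

    base = os.path.realpath(base_dir)
    # realpath collapses '..' segments and follows symlinks before the check.
    candidate = os.path.realpath(os.path.join(base, relative))
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the article.
    samples = ["docs/report.txt", "docs/../docs/report.txt",
               "%2e%2e%2f%2e%2e%2fetc/passwd", "..\\..\\etc\\passwd"]
    for raw in samples:
        print(repr(raw), naive_filter(raw),
              resolve_under("/var/www/files", raw))
```

The substring filter accepts the encoded and backslash forms and rejects a harmless path that happens to contain '../', while the canonical containment check gets all four cases right.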

See Directory Traversal Cheat Sheet, Attack Examples & Protection at Vulnerability Knowledge Base.
