The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws

Many kinds of functionality oblige a web application to read from or write to

a file system on the basis of parameters supplied within user requests. If these

operations are carried out in an unsafe manner, an attacker can submit crafted

input which causes the application to access files that the application designer

did not intend it to access. Known as path traversal vulnerabilities, such defects

may enable the attacker to read sensitive data including passwords and appli-

cation logs, or to overwrite security-critical items such as configuration files

and software binaries. In the most serious cases, the vulnerability may enable

an attacker to completely compromise both the application and the underlying

operating system.

Path traversal flaws are sometimes subtle to detect, and many web applica-

tions implement defenses against them that may be vulnerable to bypasses.

We will describe all of the various techniques you will need, from identifying

potential targets, to probing for vulnerable behavior, to circumventing the

application’s defenses.