The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws
Chapter 10

Exploiting Path Traversal

Common Vulnerabilities

Path traversal vulnerabilities arise when user-controllable data is used by the application to access files and directories on the application server or other back-end file system in an unsafe way. By submitting crafted input, an attacker may be able to cause arbitrary content to be read from, or written to, anywhere on the file system being accessed. This often enables an attacker to read sensitive information from the server, or overwrite sensitive files, leading ultimately to arbitrary command execution on the server.

Consider the following example, in which an application uses a dynamic page to return static images to the client. The name of the requested image is specified in a query string parameter:

https://wahh-app.com/scripts/GetImage.aspx?file=diagram1.jpg

When the server processes this request, it performs the following steps:

1. Extracts the value of the file parameter from the query string.

2. Appends this value to the prefix C:\wahh-app\images\.

3. Opens the file with this name.

4. Reads the file's contents and returns it to the client.

The vulnerability arises because an attacker can place path traversal sequences into the filename in order to backtrack up from the image directory specified in step 2 and so access files from anywhere on the server. The path traversal sequence is known as "dot-dot-slash," and a typical attack would look like this:

https://wahh-app.com/scripts/GetImage.aspx?file=..\..\windows\repair\sam

When the application appends the value of the file parameter to the name of the images directory, it obtains the following path:

C:\wahh-app\images\..\..\winnt\repair\sam

The two traversal sequences effectively step back up from the images directory to the root of the C: drive, and so the preceding path is equivalent to this:

C:\winnt\repair\sam

Hence, instead of returning an image file, the server actually returns the repair copy of the Windows SAM file. This file may be analyzed by the attacker to obtain usernames and passwords for the server operating system.

In this simple example, the application implements no defenses to prevent path traversal attacks. However, because these attacks have been widely known about for some time, it is common to encounter applications that implement various defenses against them, often based on input validation filters. As you will see, these filters are often poorly designed and can be bypassed by a skilled attacker.
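The four-step handler described above, as an added Python example (not the book's ASP.NET code): vulnerable_path mirrors step 2's plain concatenation and shows the same collapse of the traversal sequences that the text walks through, while safe_path is a hardened version that normalises the joined path first and refuses any result that does not remain inside the images directory. IMAGES_DIR is the prefix from step 2; the function names, the NUL-byte check and the rejected sample inputs are my own additions. ntpath is used so that the Windows path arithmetic runs on any platform without touching a real file system, and the traversal string used is the one whose resolved form the text shows (..\..\winnt\repair\sam).

```python
import ntpath
from typing import Optional

# Prefix from step 2 of the handler described in the text. normpath() drops
# the trailing backslash so the containment comparison below is exact.
IMAGES_DIR = ntpath.normpath("C:\\wahh-app\\images\\")


def vulnerable_path(file_param: str) -> str:
    """Step 2 as the text describes it: the untrusted 'file' parameter is
    simply appended to the prefix. The OS then collapses any '..' segments,
    which is exactly what lets a request escape the images directory."""
    return ntpath.normpath(ntpath.join(IMAGES_DIR, file_param))


def safe_path(file_param: str) -> Optional[str]:
    """Hardened replacement (added example, not the book's code): build the
    path the same way, normalise it, and accept it only if the normalised
    result is still inside IMAGES_DIR. Returns None when the request must
    be refused."""
    # A NUL byte can truncate the name inside lower-level file APIs, so it is
    # rejected before any path arithmetic is done.
    if "\x00" in file_param:
        return None
    full = ntpath.normpath(ntpath.join(IMAGES_DIR, file_param))
    try:
        # commonpath() raises ValueError when the drives differ (e.g. a
        # "D:\..." parameter) or when one path is relative; both are
        # rejections as well.
        inside = ntpath.commonpath([IMAGES_DIR, full]) == IMAGES_DIR
    except ValueError:
        return None
    return full if inside else None


if __name__ == "__main__":
    # Constructed sample requests: the benign one from the text, the
    # dot-dot-slash form the text explains, and two common variants
    # (forward slashes, and a root-relative name).
    for name in ("diagram1.jpg", "..\\..\\winnt\\repair\\sam",
                 "../../winnt/repair/sam", "\\winnt\\repair\\sam"):
        print(f"{name!r:32} vulnerable -> {vulnerable_path(name)}")
        print(f"{'':32} safe       -> {safe_path(name)}")
```

The important ordering is normalise, then check: a prefix comparison done on the raw concatenated string would still see C:\wahh-app\images\ at the front of the traversal path and accept it. Note that a legitimate name such as icons\..\diagram1.jpg still passes, because what is checked is the file the OS would actually open, not the presence of a ".." substring.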
