Chapter 10 ■ Exploiting Path Traversal
Finding and Exploiting Path Traversal Vulnerabilities
Path traversal vulnerabilities are often subtle and hard to detect, and it may be
necessary to prioritize your efforts on locations within the application that are
most likely to manifest the vulnerability.
Locating Targets for Attack
During your initial mapping of the application, you should already have
identified any obvious areas of attack surface in relation to path traversal
vulnerabilities. Any functionality whose explicit purpose is uploading or
downloading files should be thoroughly tested. This functionality is often
found in workflow applications where users can share documents, in blogging
and auction applications where users can upload images, and in informational
applications where users can retrieve documents such as ebooks, technical
manuals, and company reports.
In addition to obvious target functionality of this kind, there are various
other types of behavior that may suggest relevant interaction with the file
system.
HACK STEPS
■