Path Traversal


The application is vulnerable to path traversal. The application uses user-controlled data in an unsafe manner to perform file system operations. An attacker can manipulate this data with the “dot-dot-slash (../)” sequence in order to traverse files and directories that reside outside the web document root directory. An attacker can use this vulnerability to access sensitive data and to potentially execute harmful files.
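The unsafe pattern described above, beside a resolver that enforces containment in the document root. This is an added example, not part of the original entry; the function names and the temporary directory layout are constructed for illustration, and POSIX paths are assumed.

```python
import os
import tempfile


def resolve_unsafe(doc_root, user_path):
    # Vulnerable pattern: user input is joined to the root with no containment check.
    return os.path.normpath(os.path.join(doc_root, user_path))


def resolve_safe(doc_root, user_path):
    # Canonicalise both paths (resolving "..", symlinks and absolute input),
    # then require the result to stay inside the document root.
    root = os.path.realpath(doc_root)
    candidate = os.path.realpath(os.path.join(root, user_path))
    # commonpath compares whole path components, so a sibling directory such as
    # "webroot-old" is not mistaken for a child of "webroot".
    if os.path.commonpath([root, candidate]) != root:
        raise PermissionError("path escapes document root: %r" % user_path)
    return candidate


def is_inside(doc_root, path):
    root = os.path.realpath(doc_root)
    return os.path.commonpath([root, os.path.realpath(path)]) == root


def demo():
    # Constructed layout: <tmp>/webroot/index.html and <tmp>/secret.conf
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        base = os.path.realpath(tmp)
        root = os.path.join(base, "webroot")
        os.mkdir(root)
        open(os.path.join(root, "index.html"), "w").close()
        open(os.path.join(base, "secret.conf"), "w").close()
        for name in ["index.html", "../secret.conf", "a/../../secret.conf",
                     os.path.join(base, "secret.conf"), "../webroot-old/x"]:
            unsafe_escapes = not is_inside(root, resolve_unsafe(root, name))
            try:
                resolve_safe(root, name)
                safe = "served"
            except PermissionError:
                safe = "rejected"
            results[name] = (unsafe_escapes, safe)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Each result pairs whether the unsafe resolver left the document root with what the hardened resolver did for the same input.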

Impact

Path traversal is a serious vulnerability that allows attackers to access files and directories outside the web document root directory. With arbitrary access to the file system, an attacker can access configuration data, passwords, log files, source code, intellectual property, or system files. If an attacker has previously uploaded a malicious file such as a web shell, they can use path traversal to navigate to the file and execute it.

Risk Rating

Remediation

How To Test

Sample Report Screenshots

Time Saving Tips

Testing Gotchas

References

 
