Directory Traversal Vulnerability Definition and Solutions
A security vulnerability that we may encounter in web applications is also Directory Traversalis . The directory overflow vulnerability is the ability to provide read or write access to files that should not be accessed on the web server with user-supplied entries.
An attacker who connects to the application on dynamic pages where the necessary input controls (filtering / encoding, etc.) are not made, can exploit this vulnerability and read files on the presentation that they should not normally access.
How to Detect Index Overflow Vulnerability?
The directory overflow vulnerability can be detected by entering certain entries through the target web application, based on different file names or the returned result.
Usually, attackers first test whether their traversal sequence is blocked to detect if there is any filtering. Assuming that the file name you send is combined with a directory name predetermined by the application, a non-existent directory name is added to the parameter value, then umlauts and backslashes. is added.
For example,
- “file=foo/file1.txt” test is sent to this value as follows: “file=foo/bar/../file.txt”
If it moves to the same directory in both cases, the application may be vulnerable. If it shows different results in both cases, it may be causing an invalid index.
If the application behavior does not change and no error is received in the above test, the following steps can be taken to exceed the starting directory:
- ../../../../../../../../../../../../etc/passwd
- ../../../../../../../../../../../../var/www
How to Fix Directory Expiration Vulnerability?
If no error is received, make sure that JModSecurity RS "40_generic_attacks.conf" with "42_tight_security.confIt can prevent path traversal deficits in the classical sense by using the ” (paronacai mode rule set) sets. However, since the rule set in the paranoid mode is very strict, it can create too many "false-positives". However, path traversal variations in the "absoulte path traversal" type ModSecurity can be successfully blocked.
Briefly,
index out The vulnerability is a security vulnerability that allows attackers to access directories they would not normally be able to access and read sensitive data. The vulnerability can be characterized by different levels of danger, depending on the type of sensitive data that can be exposed.