Web application security - the fast guide 1.1 | Page 143

Chapter 7 - Attack execution (3)

7.4 Path traversal method ..\..\

This method depends on the path traversal sequence (..\) (dot-dot-slash) to initiate an attack in order to access a file outside the permitted directory.

Attack requirement:
A. The code includes a page that loads another file dynamically.
B. No validation for the special path traversal sequence, and no white-list validation for permitted files.

Attack process

One of the commonly used pages on a web site is a page that dynamically loads and shows the content of other files, especially when direct access to that file is not permitted, so the developer creates this page as a loader to control the access.

http://theVictimSite/filestore/GetFile.ashx?filename=test.jpg

The problem begins if the page GetFile does not provide proper validation for the value of the parameter filename, hence giving attackers the ability to use the path traversal sequence to reach otherwise unreachable directories. The attacker can simply use the following URL to access the contents of the win.ini file:

http://theVictimSite/filestore/GetFile.ashx?filename=..\windows\win.ini
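The validation that requirement B says is missing, written as an added example (not code from the book or from the GetFile handler it describes): a loader-side check in Python that treats both ..\ and ../ as traversal, confirms the resolved path still lies under the permitted directory, and white-lists the file types the loader may serve. The root directory and the allowed suffixes are assumed values.

```python
from pathlib import Path
from typing import Optional

# Assumed on-disk directory the loader is permitted to serve from.
FILESTORE_ROOT = Path("/var/www/filestore").resolve()

# Assumed white-list of file types the loader is meant to expose.
ALLOWED_SUFFIXES = {".jpg", ".png", ".pdf"}


def resolve_requested_file(filename: str, root: Path = FILESTORE_ROOT) -> Optional[Path]:
    """Map the untrusted `filename` parameter to a path under `root`.

    Returns the resolved path when it is safe to serve, or None when the
    request must be refused. Both '/' and '\\' count as separators: the
    book's handler runs on Windows, where ..\\ escapes just like ../ does.
    """
    # An empty name or an embedded NUL never identifies a legitimate file.
    if not filename or "\x00" in filename:
        return None
    # Lexical check: walk every path component and refuse anything that
    # could climb out of the root or name an absolute/drive-qualified path.
    components = filename.replace("\\", "/").split("/")
    for part in components:
        if part in ("", ".", "..") or ":" in part:
            return None
    candidate = root.joinpath(*components).resolve()
    # Defence in depth: after resolution (symlinks included) the path must
    # still sit below the root, otherwise a symlink could reopen the hole.
    try:
        candidate.relative_to(root)
    except ValueError:
        return None
    # White-list the file type, as requirement B suggests, instead of
    # trying to enumerate every bad input.
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        return None
    return candidate
```

With this check in place, filename=test.jpg resolves to a file under the store, while filename=..\windows\win.ini is refused before any file is opened.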