What is Directory Traversal

An overview of the directory traversal attack also know as a path traversal attack and commonly found in web applications, mobile apps and API’s.

What is a Directory Traversal Attack?

A directory traversal attack (path traversal) is a web vulnerability that allows an attacker to gain access files on your web application which they were not intended. The attack is performed manipulating the path value to escape the current directory and return files that exist outside the webroot.

How are Directory Traversal Vulnerabilities Exploited?

When the webserver receives this request, it appends the relative path specified by the user, ../../etc/hosts, to the directory containing the web pages, /var/www/, to get the full path /var/www/html/../../../etc/hosts. In Unix-like systems, each ../ traverses one directory back within the file system, resulting in the malicious user gaining access to the /etc/hosts file.

The malicious user can use the attack to obtain sensitive information such as database credentials, password or other secrets. The vulnerability could be used to perform further system enumeration to gain enough information to combine multiple attack vectors such as LFI or RFI.

How to Mitigate Path Traversal Vulnerabilities

Ensure the web application and the underlying web server are configured securely and at current patch level.
Implement user input whitelisting, preventing dangerous characters from being entered by the user and accepted as input by the web application will help mitigate a user entering ../ and other special characters used to attempt to traverse the file system.
Ensure the web application sanitizes the file path before accepting any user supplied input.

Directory Traversal Attack FAQ

What is a Directory Traversal Attack?

A directory traversal attack (path traversal) is a web vulnerability that allows an attacker to gain access to files on your web application outside of the webroot.

Potential Risks of a Directory Traversal Attack?

If successfully exploit a path traversal vulnerability could allow a potential attacker access to sensitive information; allowing for enumeration which could potentially lead to additional vulnerabilities being discovered and/or server compromise.

How To Identify a Directory Traversal Attack?

Typical weak areas within web application are file upload functions and other functionality which parses directory paths. Aptive’s website security audit service helps to identify and exploit path traversal vulnerabilities allowing your organisation to stay one step ahead of potentially attackers.