Commonly known as directory traversal, a Path Traversal attack aims at gaining unauthorized access to directories and files stored outside the web root folder (www/var).
It usually targets config files that are not intended for public view. It gains access by manipulating (../) dot-dot-slash files along with its different variants and file paths. Apart from this attackers also exploit web server vulnerabilities. They use absolute or relative file paths instead of valid file names to access system files, application source code, and server logs along with few other files containing confidential information.
How To Check If You Are Vulnerable To Directory Traversal Attack?
- Avoid storing files containing sensitive information inside the web root.
- If you are working on IIS servers then ensure that the web root is not included in the system disk.
- Be fully aware of the operating system of your device and how it processes the filenames given to it.
How To Prevent Path Traversal Attack?
Here are a few simple methods that will help you stay protected from a Directory Traversal Attack.
- Ensure that you give appropriate permission to the files and directories. On Linux devices, the PHP file runs as www-data users which can prevent users from accessing system files but it does not prevent them from accessing config files specific to web-applications.
- Try to process URI files that do not lead to file requests.
- Whenever you are making a URI request for a file/directory, try building a proper file/directory path and ensure that you normalize the characters as well.
- Once you have created a fully normalized and qualified Document Root with a specific string length N. Ensure that no files are served outside this directory.
- Another point that you need to consider to avoid the Path Traversal attack is that the N character of the Document Root should always match the ones of the qualified path to the requested file.
In addition to this, keep your Web Server software updated with the recent patches. This will keep you protected and will also reduce the security risks to a great extent.
