Questions tagged [directory-traversal]

Directory traversal (also called path traversal) is an attack, most often delivered over HTTP, in which untrusted input such as a file name or path in a request is used by the software on a Web server to read or write files outside the directory the application meant to expose, typically the server's document root. If the attempt succeeds, the attacker can view restricted files (configuration, source code, password files) and, where the traversed path is later included or executed, run commands on the server. Directory traversal attacks are commonly performed with nothing more than a Web browser or a command-line HTTP client. Any server that builds file-system paths from browser-supplied input without validating and canonicalising it is vulnerable to this type of attack.

Although some educated guesswork is involved in finding paths to restricted files on a Web server, a skilled attacker can easily carry out this type of attack on an inadequately protected server by walking up the directory tree with ../ sequences (or their URL-encoded equivalents) until a well-known file such as /etc/passwd or the application's own configuration is reached. The risk of such attacks can be minimised by careful Web server and application programming (canonicalising the requested path and checking that it still lies inside the intended directory), the installation of software updates and patches, filtering of input from browsers, and the use of vulnerability scanners.

Directory traversal is also known as path traversal, directory climbing or backtracking.
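The vulnerable pattern the wiki describes and the hardening it recommends, as an added Python example that is not part of the tag wiki or of any question on this page. The document root, its files and the request payloads are constructed here for the demonstration; unquote() stands in for the URL decoding a real server performs before a handler sees the path, and it is applied exactly once, so a double-encoded payload is not decoded any further.

```python
# Added example (not from the tag wiki or any question on this page): a
# file-download handler written the naive way, next to a hardened version
# that canonicalises the requested path and refuses anything that resolves
# outside the configured document root. The document root and its files are
# constructed in a temporary directory so the example runs stand-alone.
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote

# Constructed fixture: a tiny web root with one public file, plus a secret
# file one level above it (i.e. outside the web root).
_TMP = Path(tempfile.mkdtemp(prefix="traversal-demo-"))
DOCROOT = _TMP / "htdocs"
(DOCROOT / "css").mkdir(parents=True)
(DOCROOT / "css" / "site.css").write_text("body { color: black }\n")
(_TMP / "secret.txt").write_text("database password\n")


def vulnerable_read(requested: str) -> str:
    """The pattern the tag wiki warns about: concatenate user input onto a
    directory name and open the result. '..' segments walk out of DOCROOT."""
    return (DOCROOT / unquote(requested)).read_text()


def safe_resolve(requested: str) -> Path:
    """Map an untrusted request path onto DOCROOT or raise PermissionError.

    Decode once, strip any leading separator so an absolute path cannot
    replace the join, resolve '..' and symlinks with realpath, then require
    the result to be the document root itself or something beneath it.
    """
    decoded = unquote(requested)
    if "\x00" in decoded:                      # NUL-byte truncation tricks
        raise PermissionError("NUL byte in path")
    relative = decoded.lstrip("/\\")           # every request is relative
    candidate = Path(os.path.realpath(DOCROOT / relative))
    root = Path(os.path.realpath(DOCROOT))
    if candidate != root and root not in candidate.parents:
        raise PermissionError(f"{requested!r} resolves outside the document root")
    return candidate


def safe_read(requested: str) -> str:
    """Hardened counterpart of vulnerable_read()."""
    return safe_resolve(requested).read_text()


def probe(handler, requested: str) -> str:
    """What the client observes: file contents, or the name of the error raised."""
    try:
        return handler(requested)
    except (PermissionError, FileNotFoundError, IsADirectoryError) as exc:
        return type(exc).__name__


# Constructed payloads: one legitimate request and the usual traversal forms.
PAYLOADS = [
    "css/site.css",            # legitimate
    "../secret.txt",           # plain dot-dot-slash
    "css/../../secret.txt",    # traversal buried after a valid segment
    "..%2Fsecret.txt",         # URL-encoded slash
    "%2e%2e/secret.txt",       # URL-encoded dots
    "/etc/hostname",           # absolute path; safe_resolve maps it under DOCROOT
]

if __name__ == "__main__":
    for p in PAYLOADS:
        print(f"{p:24} vulnerable={probe(vulnerable_read, p)!r:28} safe={probe(safe_read, p)!r}")
```

The containment test is done on the fully resolved path rather than on the raw string, so it is not fooled by encoded separators, by a valid prefix followed by traversal, or by a symlink inside the web root pointing elsewhere; rejecting the request is preferable to silently relocating it, because a rejection can be logged and alerted on.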

81 questions
1
vote
1 answer

Show directory tree instead of index.html

How can I define an Apache virtual host to show a directory tree even if index.html/php exists?
jeff
  • 959
  • 1
  • 16
  • 37
1
vote
1 answer

Get the filename from bash script recursively using find

I am trying to retrieve the filename from the find command recursively. This command prints all the filenames with full path:
for f in $(find -name '*.png'); do echo "$f"; done
./x.png
./bg.png
./s/bg.png
But when I try to just get the…
RameshVel
  • 60,384
  • 28
  • 166
  • 207
1
vote
2 answers

traversing directories with php?

I have a path to a folder (e.g. /var/www/tester/assets/themes/default/css/). A user can provide a relative path to the folder, so for example layout/ie7.css would give the path of /var/www/tester/assets/themes/default/css/layout/ie7.css. This works…
Hailwood
  • 79,753
  • 103
  • 257
  • 412
0
votes
0 answers

How to fix CWE 73 Veracode in a windows form application

In our Windows application, we have functionality to download a file to a local folder on the desktop. To implement this we are following the code below. internal void CreateDirectory(string fileName) { string path =…
Partha
  • 1
  • 2
0
votes
2 answers

Allow Directory Traversal Apache2

I'm currently in a penetration testing class at my school. I'm trying to create a CTF for a project. One of my goals is to set up an Apache web server that allows directory traversal so people attempting my CTF can traverse to my root directory and…
0
votes
0 answers

Preventing Directory Traversal in php get page script

I am trying to implement a secure PHP get-page function after my website got hacked with LFI, RFI and DTA (I got the whole package LOL). Browsing the web I found this script which seems to work fine in preventing inclusions of files that I did not…
0
votes
0 answers

Why is abspath returning inconsistent file paths from same directory?

I'm using os.walk() to traverse a folder and get the fully-qualified path for certain documents for processing. def folderLoop(): for path, dirs, files in os.walk(inFolder): for filename in files: if fnmatch.fnmatch(filename,…
coryd343
  • 1
  • 1
0
votes
0 answers

Safely extract zip using Python 3.7

My question is sort of a duplicate of this one, with the exception that I'm asking about Python 3.7 The docs say that the extractall method attempts to prevent directory traversal attacks, but it's unclear to me how safe this module is. What is the…
Bee
  • 103
  • 1
  • 8
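An added example (not from the question above or from any answer to it) showing the explicit per-member check a practitioner would put in front of extraction instead of trusting extractall() alone: each member name is joined to the target directory, canonicalised with realpath, and rejected unless it stays inside that directory. The archive, with one benign member and two hostile ones, is constructed in memory so the example runs offline.

```python
# Added example (not from the question or its answers): validate every member
# of a zip archive against the target directory before writing it. The archive
# below is constructed in memory with one benign member, a '..' escape and an
# absolute member name, so the example runs offline.
import io
import os
import tempfile
import zipfile
from typing import List, Tuple


def build_demo_zip() -> bytes:
    """Constructed input: member names that try to escape the target directory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "harmless\n")
        zf.writestr("../escape.txt", "written outside the target dir\n")
        zf.writestr("/tmp/absolute.txt", "absolute member name\n")
    return buf.getvalue()


def _escapes(root: str, name: str) -> bool:
    """True if `name`, written verbatim under `root`, would land outside it."""
    dest = os.path.realpath(os.path.join(root, name))
    return dest != root and not dest.startswith(root + os.sep)


def hostile_members(archive: bytes, target: str) -> List[str]:
    """Names of members that would resolve outside `target` if written as-is."""
    root = os.path.realpath(target)
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [name for name in zf.namelist() if _escapes(root, name)]


def safe_extract(archive: bytes, target: str) -> List[str]:
    """Extract only members that stay under `target`; return the paths written."""
    root = os.path.realpath(target)
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            if _escapes(root, info.filename):
                continue  # reject rather than silently relocate
            dest = os.path.realpath(os.path.join(root, info.filename))
            if info.is_dir():
                os.makedirs(dest, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with zf.open(info) as src, open(dest, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.relpath(dest, root))
    return written


def demo(target=None) -> Tuple[List[str], List[str]]:
    """Run the check and the guarded extraction against a fresh temp directory."""
    archive = build_demo_zip()
    target = target or tempfile.mkdtemp(prefix="unzip-demo-")
    return hostile_members(archive, target), safe_extract(archive, target)


if __name__ == "__main__":
    rejected, written = demo()
    print("rejected:", rejected)
    print("written :", written)
```

CPython's extract() and extractall() sanitise member names themselves (leading separators and '..' components are dropped), so the hostile members above would be written to relocated names inside the target rather than escaping; the explicit check is what lets you refuse the whole archive and log the attempt, and it also covers code that reads members with zf.open() and writes them out itself, where no sanitisation happens.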
0
votes
0 answers

how to recursively traverse through given HDFS directory and fetch the filename with path in pyspark

Structure of my directory in HDFS looks like below:
----Directory
|----sub folder 1
|--------file 1
|--------file 2
|
|----sub folder 2
|--------file 1
|--------file 2
…
0
votes
2 answers

Remove all but newest file from all sub directories

I have found the following which will list the files in all subdirectories, hide the last 5, and then delete the rest: find -type f -printf '%T@ %P\n' | sort -n | cut -d' ' -f2- | head -n -5 | xargs rm Unfortunately if I don't know how many…
cycloxr
  • 367
  • 1
  • 2
  • 14
0
votes
1 answer

Traverse directory at URL to root in Python

How can you traverse directory to get to root in Python? I wrote some code using BeautifulSoup, but it says 'module not found'. So I have this: # # There is a directory traversal vulnerability in the # following page…
Ollie
  • 279
  • 5
  • 15
0
votes
1 answer

Scripts traversing through directories looking for specific set of files and folders

I'm trying to create a script that will traverse through all folders and subfolders of rootDir looking for a specific set of folders and files. If the script finds the folder (for ex. testfolder1) in which there…
0
votes
3 answers

How to traverse directories a path consists of in BASH

I'm about to program a file parser which is operating in a directory tree structure. Once I find a specific leaf directory I want to go through all directories which the path consists of and do some operations within them. Let's say the path is:…
adob
  • 3
  • 3
0
votes
1 answer

How can I make this function dynamic based on directory traversal of an explicitly referenced, known folder?

The script below is designed to take each folder defined as "WIDGET" and iterate over its files, loading their contents into the database as a widget object. It works fine, however, as you can see below, for every folder inside of the widget folder…
Scott B
  • 35,095
  • 61
  • 148
  • 245
0
votes
1 answer

Protecting against directory traversal

Newbie here. In the following, it takes in a file as a parameter and concatenates it to the directory string; it then looks for the file and, using streams, fetches and serves the file to the browser for downloading. This code is susceptible to…