Questions tagged [directory-traversal]

Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the server's root directory. If the attempt is successful, the hacker can view restricted files or even execute commands on the server. Directory traversal attacks are commonly performed using Web browsers. Any server in which input data from Web browsers is not validated is vulnerable to this type of attack.

Although some educated guesswork is involved in finding paths to restricted files on a Web server, a skilled hacker can easily carry out this type of attack on an inadequately protected server by searching through the directory tree. The risk of such attacks can be minimized by careful Web server programming, the installation of software updates and patches, filtering of input from browsers, and the use of vulnerability scanners.

Directory traversal is also known as directory climbing or backtracking.

81 questions
0
votes
1 answer

How to fix aspx?Dir=http://externalwebsite.com IIS 8.5 vulnerability

I work with developing and pre-production IIS servers to publish and test the web applications we develop. Some Ethical Hacking consultant came and warned us about a vulnerability they found in some of our…
0
votes
3 answers

Error in traversing a directory TypeError: coercing to Unicode: need string or buffer, list found

for files in os.walk("Path of a directory"): for file in files: print(os.path.getmtime(os.path.abspath(file))) I want to print the modified time of all files in a directory. Why does it give this error? Traceback (most recent call last): File…
0
votes
2 answers

python tree directories unique names, tree algorithms

I'm working with terrible system which has implemented directory tree structure and support import of this structure in a "strange way", because import support only format child;parent. Import constraints: - child items must have unique name - if…
oglop
0
votes
1 answer

Preventing access to WEB-INF from JSP

I am working on some security alerts on one of our servers whereby a 'file download' JSP file is able to let a user download contents of WEB-INF for the web application (Which is located in the root folder of the site). It is a very crudely simple…
Tom17
0
votes
3 answers

PHP: Recommended way to escape slashes in path (e.g. to prevent directory traversal attack)

I am looking for a PHP function to sanitize strings into safe and valid file names with no directory separators (slashes). Ideally it should be reversible, and it should not scramble the name more than necessary. Of course I want to prevent…
donquixote
0
votes
2 answers

How do I access the parent directory of public_html in Apache?

I remember reading a while ago how it's possible for someone to access your computer's filesystem from the website. I want to know how to do it, so I can test and prevent it from happening. Running Apache 2.4 on Windows via XAMPP. My virtualhost is…
tgun926
0
votes
2 answers

Directory traversing in C

I tried to search for this question but couldn't find satisfying answer. So here's my question: I am traversing through directories with following variations of…
harshad
0
votes
0 answers

Can't traverse directory tree in python with os.walk() because it says a name is not defined

So as part of a homework, I have to traverse through a directory tree, and it seems that os.walk is the best choice for this. I am using cygwin to run my python scripts. The path of the tree that I am trying to traverse is: …
Kamal
0
votes
1 answer

Questions About Directory Traversal

I am working on this problem: https://www.hackthissite.org/missions/realistic/3/ The site above has been hacked and it is our job to return it back to its original state. I started by looking at the source code. The hacker left a comment…
0
votes
2 answers

PHP realpath not working to prevent directory traversal

I have received someone else's code for a system that shows folders with photos in them in your browser. For example, this is a possible url on the site: gallery.php?action=view&folder=Cars At the moment, you can replace "Cars" with…
yesman
0
votes
1 answer

Why does this PHP folder list script repeat itself twice?

Hey, I'm just building a little PHP script at the moment to list folders and files inside a directory (not worried about security or validation - my use only) but for some reason it seems to scan the base directory twice before moving to the next.…
0
votes
1 answer

How to modify a C program to turn it into a function

I'm trying to take a given program and turn it into a function (so that I can modify it for a recursive call). The original assignment is for a directory traversal (depth-first). This is just to help me get started. Original Program: #include…
Evytyn
0
votes
2 answers

Does my code prevent directory traversal in C#?

Please find below the code that I have written: private void WriteLogs(Guid _guid) { string varpath = ConfigurationManager.AppSettings["LogFilePath"].ToString() + @"\ErrorLogs\Logs\"; string FileName = _guid.ToString() + ".txt"; string finalPath =…
0
votes
1 answer

Directory traversal attacks

I'm trying to understand directory traversal attacks from http://www.acunetix.com/websitesecurity/directory-traversal/ I've understood the Attack via Web Application Code:- e.g.…
user720694
0
votes
5 answers

How to find folder below given section of a path?

Given a path and a certain section, how can I find the name of the folder immediately below that section? This is hard to explain, let me give some examples. Suppose I am looking for the name of the folder below 'Dev/Branches'. Below are example…
Colonel Panic