Questions tagged [path-traversal]
27 questions
41 votes, 3 answers
What's the best way to defend against a path traversal attack?
I have a Java server implementation (TFTP if it matters to you) and I'd like to ensure that it's not susceptible to path traversal attacks allowing access to files and locations that shouldn't be available.
My best attempt at defending so far is…
Rob Oxspring
16 votes, 2 answers
Filtering upwards path traversal in Java (or Scala)
Are there any standard library methods that can filter out paths which include special traversal sequences, such as ../ and all other convoluted forms of upwards directory traversal, to safeguard a file path API input from traversing upwards of a…
matanster
3 votes, 2 answers
How do I fix SCS0018?
Security Scan SCS0018 Warnings in Visual Studio are shown during the build. Currently, I am working on these warnings to get removed. I tried several MSDN sites but no luck. I have also read OWASP but they are not clearly related to C#. Please find…
Binod
2 votes, 1 answer
Path traversal with python request
Recently I wanted to automate an attack for a web app that is prone to path traversal attacks (NVMS1000) via the Python requests module.
The request works perfectly with curl by using the option path-as-is:
curl --path-as-is…
Julian12
1 vote, 1 answer
ASP.NET - Path Traversal exploit when downloading a File
How could I solve this problem in that code? I've tried some approaches, but I couldn't pass the Checkmarx test (system used to perform the scan).
FinalUploadFolder comes from the WebConfig file, which is where the files are saved.
public FileResult…
AllPower
1 vote, 2 answers
How can I perform a path traversal attack on this service hosted in IIS?
Background
I am attempting to perform a path traversal attack on a vulnerable service hosted in IIS.
The service is something like this:
GET /api/download/{file-name}
The underlying code is something like this:
return File.Read("some/directory/" +…
srk
1 vote, 1 answer
Having issues with Dijkstra's algorithm
Trying to implement Dijkstra's via the instructions in this article:
https://medium.com/@adriennetjohnson/a-walkthrough-of-dijkstras-algorithm-in-javascript-e94b74192026
My repl below:
https://repl.it/@Stylebender/DJIK#index.js
The actual Dijkstra…
Michael Chan
1 vote, 1 answer
Java webapp code returning with a path traversal problem when tested in a bot
So I have been given the task of fixing a path traversal problem in a basic Java web app, but I am quite stuck. We are meant to essentially make sure the code is secure, while maintaining functionality (which is the part I am struggling with).
So far…
ismaeel ali
0 votes, 1 answer
A Path Traversal vulnerability in asp.net core
I already tried these solutions
Does my code prevent directory traversal in C#?
Is Path Traversal Vulnerabilities possible in my below code?
How to prevent Path Traversal in .NET
How to avoid Directory Traversal in my code
But still, Checkmarx…
gaurav bhavsar
0 votes, 0 answers
Path Traversal Attack Any Good With Forced .sql File Extension?
A website takes a completely unchecked request and returns the file from /a/b/c/d/Request_String.sql (formatted). Now, if an attacker wants to abuse a path traversal attack he is stuck with the .sql extension, right? For example, if the input is…
Lainad
0 votes, 2 answers
Input_Path_Not_Canonicalized - Path Traversal Vulnerability in Checkmarx
I am facing a path traversal vulnerability while analyzing code through Checkmarx. I am fetching the path with the code below:
String path = System.getenv(variableName);
and "path" variable value is traversing through many functions and finally used in one…
dev29
0 votes, 1 answer
How to deal with Path Traversal?
I'm trying to understand how to deal (in a secure way) with Path Traversal.
For example, an application receives from a client a file name via REST API in JSON, looks for it in the non-accessible (by outside) directory and retrieves a response with the…
cobofe
0 votes, 1 answer
Given the coordinates of rectangles, connect them to make a path from start to end
There are a lot of rectangles; each one will have lower-left and upper-right coordinates.
And they are either overlapping (fully or partially) or touching at least one edge with another one.
I am looking for how to come up with a trace from start to…
0 votes, 0 answers
Fixing Path_Traversal when downloading a file
How to fix this code so that it does not accuse this type of vulnerability?
I'm using Checkmarx to scan, and it encountered this problem when downloading a file.
Error reported by checkmarx:
Method Index at line 13…
AllPower
0 votes, 1 answer
Does Azure storage allow path traversal?
Security-wise, if I receive parts of the path from the user, do I need to sanitize them?
Oversimplified example (in Python):
from azure.storage.blob import BlobServiceClient
client = BlobServiceClient.from_connection_string("")
container…
Bharel