Access file system through query string or params
https://stackoverflow.com/questions/4964948
-
12-11-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I have been given a task of reproducing the issue/testing the unauthorized access to file system through request.param and query string.
For instance i have something like this. request.querystring("blah"); How could somebody pass "../../../b1/b2" in the query string and access file system.
This may be related to cross site scripting.
Need help..at least provide resources. Thanks in advance.
Solution
Wish I could provide a definitive answer, but can at least steer you in some direction. Not sure how confident you are that request.querystring() was indeed responsible, but some possibilities are:
Directory Traversal/Path Traversal:
Overview: http://en.wikipedia.org/wiki/Directory_traversal
Testing For: http://www.owasp.org/index.php/Testing_for_Path_Traversal
Remote File Inclusion:
Overview: http://en.wikipedia.org/wiki/Remote_file_inclusion
Tutorial: http://www.offensivecomputing.net/?q=node/624 (KnightLighter's Tutorial)
Hope this moves you in the right direction.
