Question

I'm trying to understand directory traversal attacks from http://www.acunetix.com/websitesecurity/directory-traversal/

I've understood the attack via web application code:

e.g. http://test.webarticles.com/show.asp?view=../../../../../Windows/system.ini

where ../ will move one directory up.

In directory traversal attacks via Web Server, it says that web server escape codes are used to execute commands.

e.g. http://server.com/scripts/..%5c../Windows/System32/cmd.exe?/c+dir+c:\

where %5c is the escape code for '\'.

How is this URL parsed by the webserver? To be more clear, once the webserver receives this URL, it will navigate to the scripts folder but then it will encounter the escape code. So it will treat all following characters as normal. So ../Windows/System32/cmd.exe?/c+dir+C:\ is treated as normal. Then, what is the use of .. before %5c?


Solution

If the server is set up to block ../ but fails to block directory traversals using ..\, you could bypass sanitation. You might have to replace more slashes, or a different combination; I would certainly try ..%5C..%5C before ..%5C../.
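An added example, not part of the original answer, showing why the check has to run after decoding: a filter that looks for `..` segments in the raw path sees `..%5c..` as one harmless segment, while a check that decodes, unifies separators and then tests containment rejects it. `WEB_ROOT` and the function names are hypothetical, and `naive_is_safe` is a model of a weak filter, not any real server's code.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/srv/www"  # hypothetical document root (assumption)


def naive_is_safe(raw_path: str) -> bool:
    """Weak check (a model, not a real server's code): looks for a '..'
    segment in the raw path, before decoding, splitting on '/' only."""
    return ".." not in raw_path.split("/")


def resolve(raw_path: str, root: str = WEB_ROOT):
    """Decode first, treat '\\' like '/', normalise, then check containment.
    Returns the resolved path, or None if the request must be rejected."""
    decoded = unquote(raw_path)
    # Anything still decodable after one pass is double-encoded: reject it
    # rather than guess how a later layer will decode it.
    if unquote(decoded) != decoded or "\x00" in decoded:
        return None
    unified = decoded.replace("\\", "/")
    candidate = posixpath.normpath(posixpath.join(root, unified.lstrip("/")))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


# Path part of the URL from the question, plus constructed variants.
SAMPLES = [
    "/scripts/..%5c../Windows/System32/cmd.exe",  # from the question
    "/scripts/..%5C..%5CWindows/system.ini",      # constructed
    "/scripts/..%255c../Windows/system.ini",      # constructed, double-encoded
    "/scripts/../../Windows/system.ini",          # constructed, plain ../
    "/scripts/report.asp",                        # constructed, benign
]


def audit(paths=SAMPLES):
    """Return (path, naive verdict, hardened result) for each sample."""
    return [(p, naive_is_safe(p), resolve(p)) for p in paths]


if __name__ == "__main__":
    for path, naive_ok, resolved in audit():
        print(f"{path!r}: naive={'pass' if naive_ok else 'block'}, "
              f"hardened={resolved or 'block'}")
```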

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow