diff --git a/book/lang/en/source/_includes/Directory-Traversal.rst b/book/lang/en/source/_includes/Directory-Traversal.rst index d943641..822344f 100644 --- a/book/lang/en/source/_includes/Directory-Traversal.rst +++ b/book/lang/en/source/_includes/Directory-Traversal.rst 
@@ -12,7 +12,7 @@ The point here is that relative path handling aside (``include_path`` setting fr In a Path Traversal vulnerability, the common factor is that the path to a file is manipulated to instead point at a different file. This is commonly achieved by injecting a series of ``../`` (Dot-Dot-Slash) sequences into an argument that is appended to or inserted whole into a function like ``include()``, ``require()``, ``file_get_contents()`` or even less suspicious (for some people) functions such as ``DOMDocument::load()``. -The Dot-Dot-Slash sequence allows an attacker to tell the system to navigate or backtrack up to the parent directory. Thus a path such as ``/var/www/public/../vendor`` actually points to ``/var/www/public/vendor``. The Dot-Dot-Slash sequence after ``/public`` backtracks to that directory's parent, i.e. ``/var/www``. As this simple example illustrates, an attacker can use this to access files which lie outside of the ``/public`` directory that is accessible from the webserver. +The Dot-Dot-Slash sequence allows an attacker to tell the system to navigate or backtrack up to the parent directory. Thus a path such as ``/var/www/public/../vendor`` actually points to ``/var/www/vendor``. The Dot-Dot-Slash sequence after ``/public`` backtracks to that directory's parent, i.e. ``/var/www``. As this simple example illustrates, an attacker can use this to access files which lie outside of the ``/public`` directory that is accessible from the webserver. Of course, path traversals are not just for backtracking. An attacker can also inject new path elements to access child directories which may be inaccessible from a browser, e.g. due to a ``deny from all`` directive in a ``.htaccess`` in the child directory or one of its parents. Filesystem operations from PHP don't care about how Apache or any other webserver is configured to control access to non-public files and directories. 
@@ -22,4 +22,4 @@ Examples of Path Traversal Defenses against Path Traversal -------------------------------- \ No newline at end of file +-------------------------------
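Review bot: the corrected resolved path in the first hunk, ``/var/www/public/../vendor`` pointing at ``/var/www/vendor``, is right and now agrees with the very next sentence, which says the ``../`` after ``/public`` backtracks to ``/var/www``; the old wording contradicted itself within one sentence. One small consistency point while this paragraph is being touched: the first sentence of the hunk context calls the sequence ``../`` in literal markup, so "Dot-Dot-Slash" could carry the same ``../`` literal at its first mention to make it unambiguous which characters are meant.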
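Review bot: adding the trailing newline after the ``Defenses against Path Traversal`` underline in the second hunk is correct (reStructuredText tooling and ``diff`` both flag a missing final newline), but the hunk also shows that the file still ends at that underline, so the Defenses section has no body. Either fill in the section in this change or mark the heading with a ``.. todo::`` note (with ``sphinx.ext.todo`` enabled) so the rendered page does not end on an empty heading directly after the examples.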