Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Updated traversed directory. #12

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Updated traversed directory. #12

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions book/lang/en/source/_includes/Directory-Traversal.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@ The point here is that relative path handling aside (``include_path`` setting fr

In a Path Traversal vulnerability, the common factor is that the path to a file is manipulated to instead point at a different file. This is commonly achieved by injecting a series of ``../`` (Dot-Dot-Slash) sequences into an argument that is appended to or inserted whole into a function like ``include()``, ``require()``, ``file_get_contents()`` or even less suspicious (for some people) functions such as ``DOMDocument::load()``.

The Dot-Dot-Slash sequence allows an attacker to tell the system to navigate or backtrack up to the parent directory. Thus a path such as ``/var/www/public/../vendor`` actually points to ``/var/www/public/vendor``. The Dot-Dot-Slash sequence after ``/public`` backtracks to that directory's parent, i.e. ``/var/www``. As this simple example illustrates, an attacker can use this to access files which lie outside of the ``/public`` directory that is accessible from the webserver.
The Dot-Dot-Slash sequence allows an attacker to tell the system to navigate or backtrack up to the parent directory. Thus a path such as ``/var/www/public/../vendor`` actually points to ``/var/www/vendor``. The Dot-Dot-Slash sequence after ``/public`` backtracks to that directory's parent, i.e. ``/var/www``. As this simple example illustrates, an attacker can use this to access files which lie outside of the ``/public`` directory that is accessible from the webserver.

Of course, path traversals are not just for backtracking. An attacker can also inject new path elements to access child directories which may be inaccessible from a browser, e.g. due to a ``deny from all`` directive in a ``.htaccess`` in the child directory or one of its parents. Filesystem operations from PHP don't care about how Apache or any other webserver is configured to control access to non-public files and directories.

Expand All @@ -22,4 +22,4 @@ Examples of Path Traversal


Defenses against Path Traversal
-------------------------------
-------------------------------