Path traversal in REST style URLs?
Can path traversal vulnerabilities occur in REST style URLs?
For example: https://x.com/filename/img.jpeg
https://x.com/filename/../../../../../etc/passwd
Does this make sense?
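An added example, not part of the question or of any answer on this page, showing in Python why the answer depends on how the server maps the URL path onto the filesystem rather than on the URL style: a naive handler that percent-decodes the path segment and joins it onto a document root lets the `..` segments from the question resolve to a file outside that root, whereas a handler that canonicalises the result and checks that it stays below the root refuses the request. The root `/srv/files`, the request strings and the function names are constructed placeholders for this example.

```python
import os
from urllib.parse import unquote


def resolve_naive(root: str, requested: str) -> str:
    """Vulnerable pattern: percent-decode the path segment and join it onto
    the document root. The '..' components are honoured, so the result can
    land anywhere on the filesystem."""
    return os.path.normpath(os.path.join(root, unquote(requested).lstrip("/")))


def escapes_root(root: str, requested: str) -> bool:
    """True when the naive resolution of `requested` lies outside `root`,
    i.e. when the request would have been a successful traversal."""
    root_norm = os.path.normpath(root)
    target = resolve_naive(root_norm, requested)
    return os.path.commonpath([root_norm, target]) != root_norm


def resolve_confined(root: str, requested: str):
    """Hardened pattern: canonicalise both the root and the candidate (this
    also follows symlinks) and refuse anything whose canonical form is not
    below the canonical root. Returns the absolute path, or None if refused."""
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(
        os.path.join(root_real, unquote(requested).lstrip("/"))
    )
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


# Constructed sample input; the first two mirror the URLs in the question.
SAMPLE_ROOT = "/srv/files"  # placeholder document root, assumed for the example
SAMPLE_REQUESTS = [
    "filename/img.jpeg",
    "filename/../../../../../etc/passwd",
    # the same traversal with the dots percent-encoded; one decode restores it
    "filename/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/etc/passwd",
    # double-encoded: a single decode leaves the literal name '%2e%2e',
    # which stays inside the root (a server that decodes twice would not)
    "filename/%252e%252e/etc/passwd",
]


def audit(root: str = SAMPLE_ROOT, requests=SAMPLE_REQUESTS) -> dict:
    """For each request, record whether the naive resolver would escape the
    root and whether the confined resolver is willing to serve it at all."""
    return {
        req: {
            "naive_escapes": escapes_root(root, req),
            "confined_serves": resolve_confined(root, req) is not None,
        }
        for req in requests
    }


if __name__ == "__main__":
    for req, verdict in audit().items():
        print(f"{req!r}: {verdict}")
```

The check that matters is the one in `resolve_confined`: compare canonical paths, not the raw string, because the request may arrive encoded, with redundant slashes, or through a symlink. Browsers and many front-end servers collapse dot segments before the application ever sees them, which is why a quick test in a browser can look "safe" while a client that does not normalise the path, or an encoded variant, still reaches the application's own file handling.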
In a private area of a website, I need to create a folder tree containing documents belonging to different clients.
The contents of these directories can only be accessed if you are logged in, but I want to avoid that a client can deduce t… Continue reading Advice on how to organize web folders to prevent paths from being found out
I opened the access to a certain directory via SSH/FTP. Some adjustment to my web project is necessary, so I have organized an access for a programmer.
The problem is that the command "cd" is available without any limits.
I mean … Continue reading What are the potential risks of being able to navigate to any arbitrary directory on a web server?
I am currently doing a project on FTP bounce and after reading up, I still do not really get how it works/can work. Appreciate if I can receive enlightenment from the experts here.
I understand that the FTP bounce vulnerability allows an a… Continue reading How does FTP Bounce work
I discovered that my website has this issue and I wasn’t able to fix this. I tried several things like checking if parent prefixed locations for Nginx alias directives end with a directory separator, but no luck so far. Merge_slashes … Continue reading Directory traversal fix for nginx config
I was reading the OWASP Top 10 for Web Applications and it includes the File Path Traversal vulnerability. When I looked deeper into it, I understood it as a vulnerability only for reading files from a server, and when it comes to writing files it is called then… Continue reading Could Directory Path Traversal vulnerability write a file?
I am doing a CTF and am trying to change the link so it can run a "flag" program. I was able to get the PHP source code as shown below. But I am stuck and I do not know how I should change the website link to get the flag.
http:/… Continue reading PHP Source Code CTF [closed]
Does it make sense to try path traversal on the filename value during a file upload request? Should I encode special characters in the POST request?
For example
POST
[…]
--boundary
Content-Disposition: form-data; name="hello.pdf… Continue reading Path traversal in POST request?
How to conduct brute force tests for directory traversal or other operations that require trial and error without accidentally turning it into DOS attack?
It comes to how much bandwidth a site is capable of (and other things like memory) a… Continue reading Brute force without DOS’ing the server
After some research on the internet and reading some articles/posts about the directory traversal/path traversal security problem, I still don’t quite get when I need to watch out for this kind of security problem. Do I always need to watch o… Continue reading watch out for directory traversal/path traversal security problem [closed]