Http Path Traversal In Url Path
Description
This detector identifies path traversal vulnerabilities by testing if an application allows unauthorized access to files outside the intended directory structure. It appends common path traversal payloads (like "../../../etc/passwd") to URLs and checks if the response contains sensitive system files, indicating that directory restrictions can be bypassed to access unauthorized content.
Detection Strategy
• Appends various path traversal payloads (such as "../../../etc/passwd" or "..\..\windows\system32\drivers\etc\hosts") to the current URL path
• Makes an HTTP request to each modified URL and examines only the responses that return HTTP status 200
• Searches the response body for signatures of sensitive system files (such as the Unix passwd file or the Windows hosts file)
• Reports a vulnerability when any response contains a recognizable pattern indicating successful access to a system file that should be protected
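The two halves of the strategy above, as an added illustration rather than Fluid Attacks' own detector code: a response classifier that only inspects HTTP 200 bodies for file signatures, and the server-side check (root-containment after decoding) that defeats both payload styles. The signature regexes, the document root "/srv/www/static", and the backslash-as-separator policy are assumptions; the sample responses are constructed.

```python
import re
from pathlib import Path
from urllib.parse import unquote

# Response signatures for the sensitive files the detector looks for. These
# regexes are illustrative assumptions, not Fluid Attacks' actual rule set.
SIGNATURES = {
    "unix_passwd": re.compile(r"^root:[^:\n]*:0:0:", re.MULTILINE),
    "windows_hosts": re.compile(r"sample HOSTS file used by Microsoft TCP/IP", re.IGNORECASE),
}

def classify_response(status: int, body: str):
    """Return the name of the matching signature, or None. As in the detection
    strategy above, only HTTP 200 responses are examined."""
    if status != 200:
        return None
    for name, pattern in SIGNATURES.items():
        if pattern.search(body):
            return name
    return None

def resolve_under_root(root: str, requested: str):
    """Server-side mitigation: map a URL path onto the filesystem and refuse
    anything that resolves outside `root`. Returns the resolved Path or None."""
    base = Path(root).resolve()
    # Decode %2e%2e%2f-style encoding and treat backslashes as separators
    # (assumed policy) so both payload styles on this page are rejected.
    cleaned = unquote(requested).replace("\\", "/").lstrip("/")
    candidate = (base / cleaned).resolve()
    return candidate if candidate.is_relative_to(base) else None

# Constructed sample responses, not captured from any real application.
SAMPLE_RESPONSES = [
    (200, "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"),
    (200, "# Copyright (c) 1993-2009 Microsoft Corp.\n# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n"),
    (200, "<html><body>Not found</body></html>"),
    (404, "root:x:0:0:root:/root:/bin/bash\n"),  # signature present, but not a 200
]

if __name__ == "__main__":
    for status, body in SAMPLE_RESPONSES:
        print(status, classify_response(status, body))
    for p in ["css/site.css", "../../../etc/passwd",
              "..\\..\\windows\\system32\\drivers\\etc\\hosts", "%2e%2e%2fetc%2fpasswd"]:
        print(repr(p), resolve_under_root("/srv/www/static", p))
```

The 404 sample shows why the status filter matters: a signature in an error page is not evidence of file access under this strategy.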