Highest Voted 'path-injection' Questions - IT Security Stack Exchange

93

votes

8 answers

Can secret GET requests be brute forced?

Say, I have on my server a page or folder which I want to be secret. example.com/fdsafdsafdsfdsfdsafdrewrew.html or example.com/fdsafdsafdsfdsfdsafdrewrewaa34532543432/admin/index.html If the secret part of the path is quite long, can I assume…

asked Jun 19 '18 at 04:57

Kargari

911
1
6
5

14

votes

2 answers

Path traversal filter bypass techniques?

I have a Linux-based embedded system with web-interface for management purposes. According to one security paper, this web-server has rudimentary filter against directory traversal attacks in URL parameters. So in order to bypass the "../" filter,…

path-injection

asked Aug 13 '15 at 15:00

Martin

361
2
8
16

9

votes

2 answers

Are there any sequences other than ../ which will be intepreted as directory traversal in *nix or Windows?

A common vulnerability is for web applications to accept a filesystem path as a request parameter, and then perform some action on the specified path. For example, retrieving a file and returning it to the user, or perhaps even writing/deleting a…

appsec exploit webserver directory-traversal path-injection

asked Apr 25 '16 at 18:54

alexw

1,289
2
9
13

7

votes

2 answers

How do you exploit Directory Traversal to traverse from one drive/share to another?

I'm trying to figure out if it is possible to traverse across drives or shares. If I have a path that is concatenated in a web application, where the prefix is a drive, such as this: var path = "D:\" + Request.Params["directory"]; Is it possible…

web-application appsec directory-traversal path-injection

asked Jul 28 '11 at 22:09

joelvh

173
1
4

7

votes

2 answers

Do sudo and .profile/.bashrc enable trivial privilege escalation?

First of all, let me mention that I’m assuming a configuration as set up by current Linux desktop distributions (e. g. Debian, Fedora). I’m sure that there are methods which, if implemented, would mitigate the issues described here. What I’m…

linux privilege-escalation bash sudo path-injection

asked Jun 11 '18 at 00:32

Socob

215
1
5

5

votes

2 answers

Any vulnerabilities in allowing users to choose path of S3 file?

I'm building a web app that uses S3. In some of our operations, we're creating a file on S3 with a path that's directly dependent on user input, so an attacker might cause a file to be created on S3 with whichever path he wants. Is there a way for…

web-application path-injection

asked Feb 24 '14 at 11:16

Ram Rachum

1,998
2
17
20

4

votes

1 answer

strstr and fopen, is there a bypass?

I have a binary that does this: if (strstr(USERCONTROLLERSTRING, "..")) exit; fopen(CurrentPath+"\\Data\\"+USERCONTROLLEDSTRING, "r"); then spits out all the content of the file. Is there any obvious vulnerability here? Its a Windows service, it…

web-application exploit vulnerability c++ path-injection

asked Jul 18 '18 at 15:54

JohnDoes

193
6

3

votes

1 answer

How to protect the code of Windows applications against path traversal?

I'm writing a simple HTTP server in Lua and while I can easily find resources on how to secure against Unix directory traversal, I already found some caveats in the Windows version. While I'm already looking for C:\ at the beginning (C being "any…

path-injection

asked Sep 12 '13 at 13:26

d33tah

6,524
8
38
60

3

votes

1 answer

What attacks use enabled Apache's PATH_INFO?

In Tangled Web Michal Zalewski says: If you are not using path-based parameter passing (such as PATH_INFO), consider disabling this feature. He gave only one example of this vulnerability. There HTTP response of downloaded file contained…

attacks webserver apache path-injection

asked Mar 20 '12 at 12:41

Andrei Botalov

5,267
10
45
73

2

votes

3 answers

sql injection, exec and preg_replace filter

Ive been informed this is not safe to use in regards to sql injection: preg_replace("/[\"'%()@$.!&?_: #\/-]/","", mysql_real_escape_string($_GET['var'])); what would be the difference in the following…

sql-injection path-injection

asked May 13 '13 at 02:57

quick_learner42

123
1
4

2

votes

1 answer

Using this path traversal security issue

I used zap to scan one of my websites and found a path traversal issue. These are the informations: Attack: c:/ URL: www.example.com/example.php Parameter: mail I am now tinkering around in the browser and in CMD with curl and try to get access…

zap path-injection

asked Mar 04 '20 at 14:18

Roman

157
8

2

votes

1 answer

Sanitising a file/folder path from user input

I have an external server make backups of my main server via scp and a backup-only user account. I successfully restricted it to scp only using GNU Rush. The scp command below executed on the backup server downloads /var/www/website1/file2 from the…

linux file-system unix debian path-injection

asked Jan 17 '20 at 09:44

mehov

421
4
9

2

votes

1 answer

What are the dangers of extending my PATH?

Are there any dangers of extending my PATH, say by adding /Users/me/bin?

macos unix risk path-injection

asked Sep 20 '19 at 21:47

gen

1,660
2
18
18

1

vote

2 answers

Is string concatenation vulnerable to null character in aspx?

I just see this line of code in VB in one file .aspx FileUpload.SaveAs(sPath & "/" & FileUpload.FileName) This line save a file that an user uploaded. It use the SaveAs method. I was worried about the sPath because the user can edit it. The user…

asp.net path-injection null-byte-injection

asked Dec 10 '14 at 02:32

Rodrigo

317
1
3
13

1

vote

3 answers

How to exploit this include_once vulnerability in PHP?

I'm performing a static analysis on a PHP code and came across this situation: include_once SYSTEM_PATH . 'languages/content-' . $_COOKIE ['lang'] . '.php'; If I try to hack with this HTTP request: GET /en-us HTTP/1.1 Host: xxxx.com User-Agent:…

php cookies vulnerability path-injection

asked Oct 22 '14 at 14:09

jyz

113
1
6

Questions tagged [path-injection]