Many web applications use server-side scripts to include different kinds of files. These mechanisms are designed to prevent malicious users from accessing sensitive files (for example, the common /etc/passwd file on a UNIX-like platform) or to avoid the execution of system commands.
The definition of the privileges is made using Access Control Lists (ACL) which identify which users or groups are supposed to be able to access, modify, or execute a specific file on the server. Users have to consider this directory as the base directory into the hierarchical structure of the web application. Web servers try to confine users’ files inside a “root directory” or “web document root”, which represents a physical directory on the file system. Traditionally, web servers and web applications implement authentication mechanisms to control access to files and resources.
#GREP DIRECTORY WITH SPACES CODE#
In particular situations, it could be possible to execute arbitrary code or system commands. Using input validation methods that have not been well designed or deployed, an aggressor could exploit the system in order to read or write files that are not intended to be accessible. Many web applications use and manage files as part of their daily operation.
Home > Latest > 4-Web Application Security Testing > 05-Authorization Testing Testing Directory Traversal File Include ID
0 kommentar(er)
