Path Traversal attacks occur when the user can control content that is written to the server's filesystem. An attacker who relies on the application passing unsanitized data into a file API can overwrite files containing sensitive information on the host running the application. The file access operation will most likely inherit the permissions of the running application. The attacker will try to exploit the user input by supplying relative path traversal sequences (../) or absolute paths to reach files outside the application's scope.
Impact of Path Traversal
When an attacker can pass in file paths and the system uses that data directly in filesystem API calls, the application can be made to overwrite sensitive information, including password files and server configurations. By allowing the attacker to specify files outside the application's root directory, such as system file directories, the attacker can manipulate information to further compromise the system.
Fixes for Path Traversal
To protect against path traversal:
Randomize Files and Folders:
- Do not let user-supplied filenames determine the destination directory
- Randomize the filename and keep a mapping between the original filename and the stored temp file
Secure Upload Directory:
- Store files in a dedicated directory outside both the web directory and system-level directories
- Secure the folder with the proper permissions
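The two fixes above combined, as an added Python example that is not part of the original page: the server picks a random name, records the client's filename only as metadata, writes into a dedicated directory with restrictive permissions, and accepts only ids it generated itself when mapping back to a path. The directory layout and id format are assumptions of this example; demo() uses a temporary directory standing in for the real upload location.

```python
import os
import re
import secrets
import tempfile
from pathlib import Path

# Ids are generated server-side below; anything else ("../", absolute paths,
# encoded separators, null bytes) fails this check before any filesystem call.
SAFE_ID = re.compile(r"[0-9a-f]{32}")

def is_within(root: Path, candidate: Path) -> bool:
    """True if candidate resolves (symlinks included) to a location under root."""
    return candidate.resolve().is_relative_to(root.resolve())

def store_upload(user_filename: str, data: bytes, root: Path) -> dict:
    """Write data under root (assumed to be a dedicated directory outside the web
    root and system directories) under a server-chosen random name. The client's
    filename is kept only as metadata; it never contributes to the path."""
    root.mkdir(mode=0o700, parents=True, exist_ok=True)
    file_id = secrets.token_hex(16)  # 32 hex characters, unguessable
    dest = root / file_id
    if not is_within(root, dest):  # defence in depth; always true for our ids
        raise ValueError("destination escapes upload directory")
    with open(dest, "wb") as fh:
        fh.write(data)
    os.chmod(dest, 0o600)
    return {"id": file_id, "original_name": user_filename}

def resolve_stored(file_id: str, root: Path) -> Path:
    """Map an id back to its path, rejecting anything that is not one of our ids."""
    if not SAFE_ID.fullmatch(file_id):
        raise ValueError("invalid file id")
    path = root / file_id
    if not is_within(root, path):
        raise ValueError("path escapes upload directory")
    return path

def demo() -> dict:
    """Round trip in a temporary directory; returns values a test can check."""
    root = Path(tempfile.mkdtemp())
    record = store_upload("../../etc/passwd", b"hello", root)  # constructed hostile name
    path = resolve_stored(record["id"], root)
    rejected = 0
    for bad in ("../../etc/passwd", "/etc/passwd", "..", record["id"] + "/../x"):
        try:
            resolve_stored(bad, root)
        except ValueError:
            rejected += 1
    return {"content": path.read_bytes(), "mode": path.stat().st_mode & 0o777,
            "inside": is_within(root, path), "rejected": rejected}
```

The original filename in the returned record should itself be treated as untrusted when it is later displayed or sent back in headers.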
References
CWE-22: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
OWASP: Path Traversal
Wikipedia: Directory Traversal Attack
Geeks-For-Geeks: Path Traversal Attack and Prevention