Path Traversal Vulnerabilities: A Beginner’s Guide

Welcome to BBX!

Get your bytes up for today’s topic: Path Traversal Vulnerability.

In web security, it’s crucial to be aware of potential weaknesses in your applications. One such vulnerability is Path Traversal, also known as directory traversal.

In this blog post, we’ll take a close look at what path traversal is, how it can be exploited, and most importantly, how you can shield your applications from this type of attack.

What is Path Traversal?

Path traversal is a fancy term for a vulnerability that allows a sneaky attacker to peek at files on a server running an application. These files could be important stuff like application code, secret credentials, or even files that help the computer run properly.

How Does the Trick Work?

Imagine a pretend shopping app that shows pictures of things you can buy. When the app wants to show a picture, it uses a special code that looks like this:

<img src="/loadImage?filename=218.png">

This code tells the app to get the picture with the name “218.png”. The pictures are kept in a special folder called /var/www/images/. So, the app joins the folder's name with the requested picture's name, like putting puzzle pieces together, and then it reads the picture.

Sneaky Moves: Exploiting Path Traversal

Now, let’s say there’s a bad person who wants to peek at secret files. They might try a tricky web address like this:

https://insecure-website.com/loadImage?filename=../../../etc/passwd

This tricky address is trying to grab the /etc/passwd file from the server. The ../ parts in the address mean "go up one level." So, the three ../ pieces take them from /var/www/images/ to the main computer folders. This way, they end up reading the file:

/etc/passwd

On some computers, this file has info about registered users. But this sneaky trick could be used to get other secret files too.

let’s do it with a practical :-

• we are going to test it on the portswigger academy labs. The website we got for test is:-

• Now start the Burp proxy for intercepting the request browser sending. I using ‘foxy proxy’ .

• shoot Your burp and make ‘Intercept On’ to see the requests.
• After taping on any product we got this HTTP request

• After changing filename path to “15.jpg” to ‘ ../../../etc/passwd’ and sending it we got 200 ok and fetched many directories as shown.

And that’s it.

Keeping Safe: How to Protect Against Path Traversal

To keep your applications safe from path traversal tricks, here are some simple steps you can take:

1. Check User Input: Always be careful with what users type. Make sure file names don’t have tricky parts like ../.
2. Make a List: Keep a list of the files that are allowed. Only let the app read files from this list.
3. Lock the Door: Use strong locks! Set strict rules about who can see important files.
4. Stay in Your Room: Imagine your app is in a special room. Don’t let it wander around in other rooms where it shouldn’t be.
5. Lock the Door: Use strong locks! Set strict rules about who can see important files.
6. Double-Check with Friends: Regularly ask experts to test your app and see if there are any sneaky ways in.

Conclusion

Path traversal problems can be like secret doors for sneaky people. But by understanding how they work and using simple tricks to protect your apps, you can keep them safe and sound. Always be on the lookout, keep your computer updated, and put safety first when you’re building things!

Keep the bytes.BBX signing off see you in next post.

— BBX