What is a Traversal Directory vulnerability ?


The traversal directory attacks consist in changing the path of the tree in the URL in order to access unauthorized directories of the site. The traversal directory flaw allows hackers to recursively browse all files and directories on a server. Any web server with badly controlled user entries is vulnerable to this attack type.

If the attempt succeeds, the attacker can view and modify confidential files, configuration files, and use them to execute malicious codes he created. A hacker may be able to read the contents of confidential files stored on a server and circulate these sensitive data, or sell them to other malicious people.

Example :
On vulnerable servers, one just has to go up the path with several strings such as "../" : http://domaine.com/../../../../directory/file

It is also possible to encode some characters :
Via URL encoding :
http://domaine.com/..%2F..%2F..%2Fdirectory/file
%2F is the encode value of « / »

Either with a Unicode encoding we get :
http://domaine.com/..%u2216..%u2216directory/file
%u2216 is the encode value of « / »


How to protect yourself against Traversal Directory vulnerabilities ?


To protect yourself against this type of vulnerability it is essential to configure your web server properly in order to prevent a user from navigating on pages he is not supposed to access.
A few advices:


  • Prevent pages below the root of the website (chroot mechanism)

  • Stop displaying files in a directory that does not contain any index file ("Directory Browsing")

  • Delete useless directories and files (including hidden files)

  • Make sure that the server protects access to directories containing sensitive data