Path Traversal
Category ID: 126
Status: Draft
+ Description

Summary

An attacker uses path manipulation methods to exploit insufficient input validation of a target to obtain access to data that should not be retrievable by ordinary well-formed requests. A typical variety of this attack involves specifying a path to a desired file together with dot-dot-slash characters, resulting in the file access API or function traversing out of the intended directory structure and into the root file system. By replacing or modifying the expected path information, the attacker causes the access function or API to retrieve the file the attacker desires. These attacks either involve the attacker providing a complete path to a targeted file or using control characters (e.g. path separators (/ or \) and/or dots (.)) to reach desired directories or files.
+ Attack Prerequisites

The attacker must be able to control the path that is requested of the target.

The target must fail to adequately sanitize incoming paths.
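The containment check whose absence this pattern relies on, as an added example that is not part of the original entry. The function names `naive_join` and `resolve_within` and the sample requests are constructed for illustration, and the input is assumed to be already URL-decoded.

```python
import os
import tempfile

def naive_join(base_dir, requested):
    """Weak form: joins and normalises, but never checks containment."""
    return os.path.normpath(os.path.join(base_dir, requested))

def resolve_within(base_dir, requested):
    """Return the real path of `requested` under base_dir, or raise ValueError."""
    # Treat both / and \ as separators, whatever the host OS.
    candidate = requested.replace("\\", "/")
    if "\x00" in candidate:
        raise ValueError("NUL byte in path")
    # A complete (absolute or drive-qualified) path is never accepted.
    if candidate.startswith("/") or (len(candidate) > 1 and candidate[1] == ":"):
        raise ValueError("absolute path not allowed")
    base_real = os.path.realpath(base_dir)
    # realpath collapses "." and ".." and follows symlinks before the check.
    target = os.path.realpath(os.path.join(base_real, *candidate.split("/")))
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError("path escapes base directory")
    return target

def demo():
    """Run constructed requests against a temporary document root."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "www")
        os.makedirs(os.path.join(root, "docs"))
        # Constructed sample requests: one benign, the rest traversal forms.
        for req in ["docs/readme.txt", "docs/./a/../readme.txt", "../secret.txt",
                    "docs/../../secret.txt", "..\\secret.txt", "/etc/passwd"]:
            try:
                resolve_within(root, req)
                results[req] = "allowed"
            except ValueError as exc:
                results[req] = "rejected: %s" % exc
        # The weak form resolves the same input to a file outside the root.
        results["naive"] = os.path.relpath(naive_join(root, "../secret.txt"), tmp)
    return results

if __name__ == "__main__":
    for request, outcome in demo().items():
        print("%-28r %s" % (request, outcome))
```

The check runs on the fully resolved path, so it catches dot-dot sequences, backslash separators and symlinks pointing out of the base directory.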

+ Resources Required

The ability to manually manipulate path information either directly through a client application relative to the service or application or via a proxy application.

+ Relationships
| Nature | Type | ID | Name | Description | View(s) this relationship pertains to |
|---|---|---|---|---|---|
| ChildOf | Attack Pattern | 154 | Resource Location Attacks | | Mechanism of Attack 1000 |
| ChildOf | Category | 366 | WASC Threat Classification 2.0 - WASC-33 - Path Traversal | | WASC Threat Classification 2.0 333 |
| ParentOf | Attack Pattern | 64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic | | Mechanism of Attack (primary) 1000 |
| ParentOf | Attack Pattern | 78 | Using Escaped Slashes in Alternate Encoding | | Mechanism of Attack (primary) 1000 |
| ParentOf | Attack Pattern | 79 | Using Slashes in Alternate Encoding | | Mechanism of Attack (primary) 1000 |
| ParentOf | Attack Pattern | 139 | Relative Path Traversal | | Mechanism of Attack (primary) 1000 |