Tuesday 5 September 2017

Directory Traversal Attack

Directory Traversal is an HTTP exploit which allows attackers to access restricted directories and execute commands outside of the web server’s root directory.

Web servers use 2 main levels of security mechanisms:
· Access Control Lists (ACLs)
· Root directory

An access control list (ACL) is used in the authorization process. It is a list which the web server’s administrator uses to indicate which users or groups are able to access, modify or execute particular files on the server, as well as other access rights.

[Image: sample picture of the wampserver folder]

The root directory is a specific directory on the server file system to which users are confined. Users are not able to access anything above the root folder. For example, the default root directory of wampserver on Windows is located at C:\Wamp64\www. With this setup, a user does not have access to folders above it, such as C:\Windows, but does have access under the root directory (provided that the user is authenticated via the ACL).
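
The confinement described above can be expressed as a check that every requested path still resolves inside the root directory. The following is an added example, not code from wampserver or from the original post; the helper name `resolve_under_root` and the sample requests are constructed for illustration.

```python
import ntpath  # Windows path rules; importable on any OS
from urllib.parse import unquote

WEB_ROOT = r"C:\Wamp64\www"  # root directory named in the post


def resolve_under_root(url_path, root=WEB_ROOT):
    """Map a URL path to a file path, or return None if it leaves the root.

    Hypothetical helper for illustration; not wampserver or Apache code.
    """
    decoded = unquote(url_path)  # decode %2e%2e, %5c and similar, once
    if "\x00" in decoded:
        return None
    relative = decoded.replace("/", "\\").lstrip("\\")
    root_norm = ntpath.normpath(root)
    # normpath collapses ".." segments, so the check sees the real target.
    candidate = ntpath.normpath(ntpath.join(root_norm, relative))
    try:
        # Compare whole path components, not string prefixes, so a sibling
        # such as C:\Wamp64\www-backup is not mistaken for the root.
        common = ntpath.commonpath([root_norm, candidate])
    except ValueError:  # different drive, or a drive-relative path
        return None
    if ntpath.normcase(common) != ntpath.normcase(root_norm):
        return None
    return candidate


# Constructed sample requests (not taken from any real log).
SAMPLES = [
    "/index.php",
    "/img/../index.php",
    "/../../Windows/example.txt",
    "/%2e%2e/%2e%2e/Windows/example.txt",
    "/../www-backup/example.txt",
    "/C:/Windows/example.txt",
]

if __name__ == "__main__":
    for path in SAMPLES:
        target = resolve_under_root(path)
        print(f"{path!r:40} -> {target or 'REJECTED'}")
```

This check works on path strings only; a server that follows symbolic links or junctions also has to resolve them before comparing against the root.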
