nerdexam
EC-Council

312-50V10 · Question #873

While testing a web application in development, you notice that the web server does not properly ignore the "dot dot slash" (../) character string and instead returns the file listing of a folder stru

The correct answer is D. Directory traversal. Failure to sanitize the '../' sequence in user-supplied input allows an attacker to navigate outside the web root and access arbitrary server files, which is a classic directory traversal vulnerability.

Hacking Web Applications

Question

While testing a web application in development, you notice that the web server does not properly ignore the "dot dot slash" (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario?

Options

  • ACross-site scripting
  • BDenial of service
  • CSQL injection
  • DDirectory traversal

How the community answered

(40 responses)
  • A
    3% (1)
  • C
    5% (2)
  • D
    93% (37)

Why each option

Failure to sanitize the '../' sequence in user-supplied input allows an attacker to navigate outside the web root and access arbitrary server files, which is a classic directory traversal vulnerability.

ACross-site scripting

Cross-site scripting (XSS) involves injecting malicious client-side scripts into web pages to execute in a victim's browser, which requires script injection rather than filesystem path manipulation using '../' sequences.

BDenial of service

Denial of service attacks aim to overwhelm a service to make it unavailable to legitimate users, and do not involve traversing server directory structures or retrieving file listings.

CSQL injection

SQL injection exploits unsanitized database query inputs to manipulate backend database operations, and is unrelated to web server filesystem path traversal using directory separator sequences.

DDirectory traversalCorrect

Directory traversal attacks exploit insufficient input validation that allows the '../' (dot dot slash) sequence to be interpreted by the web server as a filesystem navigation instruction. By chaining these sequences in URLs or input fields, an attacker can break out of the intended web root directory and access sensitive files such as /etc/passwd on Linux or configuration files on Windows - as evidenced here by the server returning a directory file listing instead of blocking the request.

Concept tested: Directory traversal via dot-dot-slash path manipulation

Source: https://owasp.org/www-community/attacks/Path_Traversal

Topics

#directory traversal#path traversal#web vulnerability#file listing

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice