312-50V10 · Question #873
While testing a web application in development, you notice that the web server does not properly ignore the "dot dot slash" (../) character string and instead returns the file listing of a folder stru
The correct answer is D. Directory traversal. Failure to sanitize the '../' sequence in user-supplied input allows an attacker to navigate outside the web root and access arbitrary server files, which is a classic directory traversal vulnerability.
Question
While testing a web application in development, you notice that the web server does not properly ignore the "dot dot slash" (../) character string and instead returns the file listing of a folder structure of the server. What kind of attack is possible in this scenario?
Options
- ACross-site scripting
- BDenial of service
- CSQL injection
- DDirectory traversal
How the community answered
(40 responses)- A3% (1)
- C5% (2)
- D93% (37)
Why each option
Failure to sanitize the '../' sequence in user-supplied input allows an attacker to navigate outside the web root and access arbitrary server files, which is a classic directory traversal vulnerability.
Cross-site scripting (XSS) involves injecting malicious client-side scripts into web pages to execute in a victim's browser, which requires script injection rather than filesystem path manipulation using '../' sequences.
Denial of service attacks aim to overwhelm a service to make it unavailable to legitimate users, and do not involve traversing server directory structures or retrieving file listings.
SQL injection exploits unsanitized database query inputs to manipulate backend database operations, and is unrelated to web server filesystem path traversal using directory separator sequences.
Directory traversal attacks exploit insufficient input validation that allows the '../' (dot dot slash) sequence to be interpreted by the web server as a filesystem navigation instruction. By chaining these sequences in URLs or input fields, an attacker can break out of the intended web root directory and access sensitive files such as /etc/passwd on Linux or configuration files on Windows - as evidenced here by the server returning a directory file listing instead of blocking the request.
Concept tested: Directory traversal via dot-dot-slash path manipulation
Source: https://owasp.org/www-community/attacks/Path_Traversal
Topics
Community Discussion
No community discussion yet for this question.