Hacking For Beginners – Manthan Desai

Example of a directory traversal attack via web application code

2010

In order to perform a directory traversal attack, all an attacker needs is a web browser and some knowledge on where toblindly find any default files and directories on the system. The following example will make clear everything

Visit this website vulnerable to directory transversal attack

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=notification.php

This web server is running on UNIX like operating system. There is a directory 'etc' on unix/linux which containsconfiguration files of programs that run on system. Some of the files are passwd, shadow, profile,sbin placed in 'etc'directory.

The file etc/passwd contains the login names of users and even passwords too.

Lets try to access this file on web server by stepping out of the root directory. Carefully see the position of directoriesplaced on the web server.

We do not know the actual names and contents of directories except 'etc' which is default name , So I have marked themas A,B,C,E or whatever.

We are in directory in F accessing the web pages of website.

Let’s type this in URL field and press enter

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=etc/passwd

This will search the directory 'etc' in F. But obviously, there is nothing like this in F, so it will return nothing now type

http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../etc/passwd

www.hackingtech.co.tv

Page 56