Hacking For Beginners – Manthan Desai
Example of a directory traversal attack via web application code
2010
In order to perform a directory traversal attack, all an attacker needs is a web browser and some knowledge on where toblindly find any default files and directories on the system. The following example will make clear everything
Visit this website vulnerable to directory transversal attack
http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=notification.php
This web server is running on UNIX like operating system. There is a directory 'etc' on unix/linux which containsconfiguration files of programs that run on system. Some of the files are passwd, shadow, profile,sbin placed in 'etc'directory.
The file etc/passwd contains the login names of users and even passwords too.
Lets try to access this file on web server by stepping out of the root directory. Carefully see the position of directoriesplaced on the web server.
We do not know the actual names and contents of directories except 'etc' which is default name , So I have marked themas A,B,C,E or whatever.
We are in directory in F accessing the web pages of website.
Let’s type this in URL field and press enter
http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=etc/passwd
This will search the directory 'etc' in F. But obviously, there is nothing like this in F, so it will return nothing now type
http://www.chitkara.edu.in/chitkara/chitkarauniversity.php?page=../etc/passwd
www.hackingtech.co.tv
Page 56