CAPEC-126: Path Traversal

Description
An adversary uses path manipulation methods to exploit insufficient input validation of a target to obtain access to data that should be not be retrievable by ordinary well-formed requests. A typical variety of this attack involves specifying a path to a desired file together with dot-dot-slash characters, resulting in the file access API or function traversing out of the intended directory structure and into the root file system. By replacing or modifying the expected path information the access function or API retrieves the file desired by the attacker. These attacks either involve the attacker providing a complete path to a targeted file or using control characters (e.g. path separators (/ or \) and/or dots (.)) to reach desired directories or files.
Extended Description

If access control mechanisms are absent or misconfigured, a user may be able to access resources that are intended only for higher level users. An adversary may be able to exploit this to utilize a less trusted account to gain information and perform activities reserved for more trusted accounts.

This attack differs from privilege escalation and other privilege stealing attacks in that the adversary never actually escalates their privileges but instead is able to use a lesser degree of privilege to access resources that should be (but are not) reserved for higher privilege accounts. Likewise, the adversary does not exploit trust or subvert systems - all control functionality is working as configured but the configuration does not adequately protect sensitive resources at an appropriate level.

Severity :

Very High

Possibility :

High

Type :

Standard
Prerequisites

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • The attacker must be able to control the path that is requested of the target.
  • The target must fail to adequately sanitize incoming paths
Skills required

This table shows the other attack patterns and high level categories that are related to this attack pattern.

  • Low Simple command line attacks or to inject the malicious payload in a web page.
  • Medium Customizing attacks to bypass non trivial filters in the application.
Taxonomy mappings

Mappings to ATT&CK, OWASP and other frameworks.

Resources required

The ability to manually manipulate path information either directly through a client application relative to the service or application or via a proxy application.

Related CWE

A Related Weakness relationship associates a weakness with this attack pattern. Each association implies a weakness that must exist for a given attack to be successful.

Visit http://capec.mitre.org/ for more details.