Arbitrary file deletion (AS)

Published on 2008-05-21. Updated on 2009-04-22.

Description:
This script is possibly vulnerable to arbitrary file deletion.

This issue allows an attacker to influence calls to the 'unlink()' function and delete arbitrary files. Due to a lack of input validation, an attacker can supply directory traversal sequences followed by an arbitrary file name to delete specific files.

Impact:
This vulnerability allows attackers to delete arbitrary files.

Recommendation:
Your script should filter metacharacters, including directory traversal sequences, from user input before passing it to file-system calls such as unlink().
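The following is an added illustration, not code from Acunetix or from any scanned script: a delete handler written in the vulnerable pattern the description above refers to (user input joined onto an upload directory and passed straight to unlink()) beside a hardened version that canonicalises the path and refuses anything that resolves outside the intended directory. The upload directory, file names and traversal inputs are all constructed for the example, and the demo builds its own throwaway tree so it runs offline.

```python
import os
import tempfile
from pathlib import Path


def delete_upload_unsafe(base_dir: str, filename: str) -> None:
    """Vulnerable pattern: the user-supplied name is joined onto the upload
    directory and handed to unlink() with no validation, so a name that
    contains '../' segments removes files outside base_dir."""
    os.unlink(os.path.join(base_dir, filename))


def resolve_safe_path(base_dir: str, filename: str) -> Path:
    """Return the canonical target path, or raise ValueError if the
    user-supplied name would resolve anywhere outside base_dir."""
    if not filename or "\x00" in filename:
        raise ValueError("empty name or embedded NUL byte")
    base = Path(base_dir).resolve()
    # resolve() collapses '..' segments and follows symlinks, so a symlink
    # placed inside base_dir that points elsewhere is rejected as well.
    candidate = (base / filename).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        raise ValueError(f"{filename!r} resolves outside {base}") from None
    if candidate == base:
        raise ValueError("name resolves to the base directory itself")
    return candidate


def delete_upload_safe(base_dir: str, filename: str) -> str:
    """Hardened handler: only a regular file below base_dir can be deleted."""
    target = resolve_safe_path(base_dir, filename)
    if not target.is_file():
        raise FileNotFoundError(f"no regular file at {target}")
    target.unlink()
    return str(target)


def classify_names(base_dir: str, names) -> dict:
    """Report which names the guard accepts or rejects; touches no files."""
    verdicts = {}
    for name in names:
        try:
            resolve_safe_path(base_dir, name)
            verdicts[name] = "accepted"
        except ValueError:
            verdicts[name] = "rejected"
    return verdicts


def demo() -> dict:
    """Build a constructed directory tree, run both handlers against the
    same traversal input, and return what happened to each file."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        uploads = Path(root) / "uploads"
        uploads.mkdir()
        (uploads / "report.txt").write_text("user upload")
        secret = Path(root) / "secret.txt"          # lives outside uploads
        secret.write_text("not an upload")

        # Unvalidated handler: the traversal name reaches a file outside uploads.
        delete_upload_unsafe(str(uploads), "../secret.txt")
        results["unsafe_deleted_outside_file"] = not secret.exists()

        secret.write_text("not an upload")          # restore for the safe run
        try:
            delete_upload_safe(str(uploads), "../secret.txt")
            results["safe_rejected_traversal"] = False
        except ValueError:
            results["safe_rejected_traversal"] = True
        results["outside_file_survives"] = secret.exists()

        # A legitimate name inside the directory still works.
        delete_upload_safe(str(uploads), "report.txt")
        results["safe_deleted_legitimate_file"] = not (uploads / "report.txt").exists()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
    # constructed base directory; it does not need to exist for the check
    print(classify_names("/srv/app/uploads", [
        "report.txt", "sub/../report.txt", "../../private/notes.txt",
        "/abs/elsewhere.txt", "..", "report.txt/..", ""]))
```

The guard compares the canonical path against the canonical base rather than searching the raw input for `../`, because a substring filter misses nested, encoded or symlink-based variants while a containment check on the resolved path rejects all of them in one place; `classify_names` lets the check be exercised against a list of names without deleting anything.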

Tags: Parameter manipulation

Alert Tags: arbitrary_file_creation
ApplicableApplicationServer: All
ApplicableOS: All
ApplicableWebServer: All
