Directory traversal (Windows)

Published on 2006-12-12. Updated on 2007-03-20.

Description:
This web service is possibly vulnerable to directory traversal attacks.

Directory traversal is a vulnerability that allows attackers to access restricted directories and execute commands outside of the web server's root directory.

Impact:
By exploiting directory traversal vulnerabilities, attackers step out of the root directory and access files in other directories. As a result, attackers might view restricted files or execute commands, leading to a full compromise of the Web server.

Recommendation:
Your script should filter metacharacters from user input.
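
One way to apply this recommendation to Windows-style paths, as an added example that is not part of the original advisory. It goes beyond character filtering by also checking that the normalised path stays under the document root. `BASE_DIR`, `FORBIDDEN`, `TraversalError` and `resolve_request_path` are hypothetical names, and the parameter is assumed to be URL-decoded once already.

```python
import ntpath  # Windows path rules; pure string handling, runs on any OS

# Assumed document root for the example (hypothetical path).
BASE_DIR = r"C:\inetpub\wwwroot\files"

# Characters with special meaning in Windows paths, plus '%' (leftover
# encoding) and control characters.
FORBIDDEN = set('<>:"|?*%') | {chr(c) for c in range(32)}


class TraversalError(ValueError):
    """Raised when a requested name would leave BASE_DIR."""


def resolve_request_path(user_value: str, base_dir: str = BASE_DIR) -> str:
    """Return the absolute path for user_value, or raise TraversalError."""
    if not user_value or any(ch in FORBIDDEN for ch in user_value):
        raise TraversalError("metacharacter in file name")
    # Windows accepts both separators; treat '/' like '\'.
    candidate = user_value.replace("/", "\\")
    drive, _ = ntpath.splitdrive(candidate)
    if drive or candidate.startswith("\\"):
        raise TraversalError("absolute, drive-relative or UNC path")
    # Reject dot segments and names Windows silently trims ("a." or "a ").
    for part in candidate.split("\\"):
        if part in ("", ".", "..") or part != part.rstrip(". "):
            raise TraversalError("dot segment or trailing dot/space")
    # Defence in depth: the normalised result must still sit under base_dir.
    base = ntpath.normcase(ntpath.normpath(base_dir))
    full = ntpath.normpath(ntpath.join(base_dir, candidate))
    if ntpath.commonpath([base, ntpath.normcase(full)]) != base:
        raise TraversalError("resolved path escapes base directory")
    return full


if __name__ == "__main__":
    # Constructed sample parameter values, not taken from any real request.
    for value in ("reports/q1.txt", "..\\..\\secret.txt", "C:\\secret.txt"):
        try:
            print(value, "->", resolve_request_path(value))
        except TraversalError as exc:
            print(value, "-> rejected:", exc)
```

The check is lexical only; a deployment that allows symbolic links or junctions under the root would also need to resolve the path on the real file system before opening it.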

Tags: Web Services - Parameter manipulation, Directory traversal

Alert Tags: directory_traversal
ApplicableApplicationServer: All
ApplicableOS: Windows
ApplicableWebServer: All
