An adversary with access to file system resources, either directly or via application logic, will use various file absolute paths and navigation mechanisms such as \'..\' to extend their range of access to inappropriate areas of the file system. The goal of the adversary is to access directories and files that are intended to be restricted from their access.
Description
Attack Execution Flow
4
1
Step 1
Explore[Fingerprinting of the operating system] In order to perform a valid path traversal, the adversary needs to know what the underlying OS is so that the proper file seperator is used.
Port mapping. Identify ports that the system is listening on, and attempt to identify inputs and protocol types on those ports.
TCP/IP Fingerprinting. The adversary uses various software to make connections or partial connections and observe idiosyncratic responses from the operating system. Using those responses, they attempt to guess the actual operating system.
Induce errors to find informative error messages
AI Translation
[Fingerprinting del sistema operativo] Per eseguire una validazione di path traversal, l'attaccante deve conoscere quale sistema operativo sottostante viene utilizzato, in modo da usare il separatore di file corretto.
Mappatura delle porte. Identificare le porte su cui il sistema è in ascolto e tentare di individuare input e tipi di protocollo su quelle porte.
Fingerprinting TCP/IP. L'attaccante utilizza vari software per stabilire connessioni o connessioni parziali e osservare risposte idiosincratiche dal sistema operativo. Utilizzando queste risposte, cercano di indovinare il sistema operativo effettivo.
Indurre errori per trovare messaggi di errore informativi
Attack Techniques
-
Port mapping. Identify ports that the system is listening on, and attempt to identify inputs and protocol types on those ports.
-
Induce errors to find informative error messagesIT: Mappatura delle porte. Identificare le porte su cui il sistema è in ascolto e tentare di identificare gli input e i tipi di protocollo su tali porte.
-
TCP/IP Fingerprinting. The adversary uses various software to make connections or partial connections and observe idiosyncratic responses from the operating system. Using those responses, they attempt to guess the actual operating system.IT: Mappatura delle porte. Identificare le porte su cui il sistema è in ascolto e tentare di identificare gli input e i tipi di protocollo su tali porte.
2
Step 2
Explore[Survey application] Using manual or automated means, an adversary will survey the target application looking for all areas where user input is taken to specify a file name or path.
Use a spidering tool to follow and record all links on a web page. Make special note of any links that include parameters in the URL.
Use a proxy tool to record all links visited during a manual traversal of a web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.
Use a browser to manually explore a website and analyze how it is constructed. Many browser's plug-in are available to facilitate the analysis or automate the URL discovery.
AI Translation
[Survey application] Utilizzando mezzi manuali o automatizzati, un adversary effettuerà un survey dell'applicazione target alla ricerca di tutte le aree in cui viene richiesto l'input dell'utente per specificare un nome file o un percorso.
Utilizza uno strumento di spidering per seguire e registrare tutti i link presenti in una pagina web. Prendi nota speciale di eventuali link che includono parametri nell'URL.
Utilizza uno strumento proxy per registrare tutti i link visitati durante una traversata manuale di un'applicazione web. Prendi nota speciale di eventuali link che includono parametri nell'URL.
Una traversata manuale di questo tipo è spesso necessaria per identificare moduli che utilizzano il metodo GET anziché POST.
Usa un browser per esplorare manualmente un sito web e analizzarne la struttura. Sono disponibili numerosi plugin per browser che facilitano l'analisi o automatizzano la scoperta degli URL.
Attack Techniques
-
Use a spidering tool to follow and record all links on a web page. Make special note of any links that include parameters in the URL.
-
Use a browser to manually explore a website and analyze how it is constructed. Many browser's plug-in are available to facilitate the analysis or automate the URL discovery.IT: Utilizza uno strumento di spidering per seguire e registrare tutti i collegamenti su una pagina web. Prendi nota in modo particolare di eventuali link che includono parametri nell'URL.
-
Use a proxy tool to record all links visited during a manual traversal of a web application. Make special note of any links that include parameters in the URL. Manual traversal of this type is frequently necessary to identify forms that are GET method forms rather than POST forms.IT: Utilizza uno strumento di spidering per seguire e registrare tutti i collegamenti su una pagina web. Prendi nota in modo particolare di eventuali link che includono parametri nell'URL.
3
Step 3
Experiment[Attempt variations on input parameters] Using manual or automated means, an adversary attempts varying absolute file paths on all found user input locations and observes the responses.
Access common files in root directories such as '/bin', '/boot', '/lib', or '/home'
Access a specific drive letter or windows volume letter by specifying 'C:dirname' for example
Access a known Windows UNC share by specifying '\\UNC\share\name' for example
AI Translation
[Provare variazioni sui parametri di input] Utilizzando metodi manuali o automatizzati, un adversary tenta di variare i percorsi assoluti dei file su tutte le posizioni di input utente trovate e osserva le risposte.
Accedere a file comuni nelle directory root come "/bin", "/boot", "/lib" o "/home"
Accedere a una lettera di unità specifica o a una lettera di volume di Windows specificando ad esempio "C:dirname"
Accedere a una condivisione UNC di Windows nota specificando ad esempio "\\UNC\share\name"
Attack Techniques
-
Access common files in root directories such as "/bin", "/boot", "/lib", or "/home"
-
Access a specific drive letter or windows volume letter by specifying "C:dirname" for exampleIT: Accedere ai file comuni nelle directory di root come "/bin", "/boot", "/lib" o "/home"
-
Access a known Windows UNC share by specifying "\\UNC\share\name" for exampleIT: Accedere ai file comuni nelle directory di root come "/bin", "/boot", "/lib" o "/home"
4
Step 4
Exploit[Access, modify, or execute arbitrary files.] An adversary injects absolute path traversal syntax into identified vulnerable inputs to cause inappropriate reading, writing or execution of files. An adversary could be able to read directories or files which they are normally not allowed to read. The adversary could also access data outside the web document root, or include scripts, source code and other kinds of files from external websites. Once the adversary accesses arbitrary files, they could also modify files. In particular situations, the adversary could also execute arbitrary code or system commands.
Manipulate file and its path by injecting absolute path sequences (e.g. '/home/file.txt').
Download files, modify files, or try to execute shell commands (with binary files).
AI Translation
[Accesso, modifica o esecuzione di file arbitrari.] Un adversary inietta sintassi di traversal assoluto del percorso in input vulnerabili identificati per causare la lettura, scrittura o esecuzione inappropriata dei file. Un adversary potrebbe essere in grado di leggere directory o file ai quali normalmente non avrebbe accesso. Potrebbe anche accedere a dati al di fuori del web document root, o includere script, codice sorgente e altri tipi di file da siti web esterni. Una volta che l'adversary accede a file arbitrari, potrebbe anche modificarli. In situazioni particolari, l'adversary potrebbe anche eseguire codice arbitrario o comandi di sistema.
Manipolare file e il suo percorso iniettando sequenze di percorso assoluto (ad esempio "/home/file.txt").
Scaricare file, modificare file o tentare di eseguire comandi shell (con file binari).
Attack Techniques
-
Manipulate file and its path by injecting absolute path sequences (e.g. "/home/file.txt").
-
Download files, modify files, or try to execute shell commands (with binary files).IT: Manipolare file e il suo percorso inserendo sequenze di percorsi assoluti (ad esempio "/home/file.txt").
Mitigations
12
Design: Enforce Principle Of Least Privilege.
Design: Input Validation. Assume That User Inputs Are Malicious. Utilize Strict Type, Character, And Encoding Enforcement.
Design: Configure The Access Control Correctly.
Design: Execute Programs With Constrained Privileges, So Parent Process Does Not Open Up Further Vulnerabilities. Ensure That All Directories, Temporary Directories And Files, And Memory Are Executing With Limited Privileges To Protect Against Remote Execution.
Design: Proxy Communication To Host, So That Communications Are Terminated At The Proxy, Sanitizing The Requests Before Forwarding To Server Host.
Implementation: Host Integrity Monitoring For Critical Files, Directories, And Processes. The Goal Of Host Integrity Monitoring Is To Be Aware When A Security Issue Has Occurred So That Incident Response And Other Forensic Activities Can Begin.
Implementation: Perform Testing Such As Pen-Testing And Vulnerability Scanning To Identify Directories, Programs, And Interfaces That Grant Direct Access To Executables.
Implementation: Use Possible Permissions On File Access When Developing And Deploying Web Applications.
Design: Run Server Interfaces With A Non-Root Account And/Or Utilize Chroot Jails Or Other Configuration Techniques To Constrain Privileges Even If Attacker Gains Some Limited Access To Commands.
Implementation: Perform Input Validation For All Remote Content, Including Remote And User-Generated Content.
Implementation: Use Indirect References Rather Than Actual File Names.
Implementation: Validate User Input By Only Accepting Known Good. Ensure All Content That Is Delivered To Client Is Sanitized Against An Acceptable Content Specification Using An Allowlist Approach.
Consequences
Security Scopes Affected
Availability
Confidentiality
Integrity
Potential Impacts
Execute Unauthorized Commands
Modify Data
Read Data
Unreliable Execution
Relationships
Parent CAPECs
Resources Required
1
The attacker must have access to an application interface or a direct shell that allows them to inject directory strings and monitor the results.