Thursday 19 July 2012

An Introduction To "Directory Traversal Attacks"

Directory Traversal is an exploit/vulnerability which allows a remote attacker to access restricted directories and execute malicious commands.

What is the Root Directory?
The Root Directory is a folder or directory on the web server that holds all the web content a normal user or visitor of a website can see. Directories on the web server other than the root might contain sensitive information which the administrator does not want visitors to see. Visitors can see the content placed inside the Root Directory; they cannot see the content outside it. The Root Directory prevents users from accessing sensitive files like cmd.exe on a server running Windows, or the password file on a system running Linux/UNIX.






What can an attacker do if the website is vulnerable?
If the web server is vulnerable to Directory Traversal Attacks, a remote attacker can step out of the Root Directory and access other important and sensitive files on the web server. Directory Traversal Attacks give the attacker the ability to view and access restricted files and directories, which can lead to the execution of malicious commands or even a full server compromise.
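The Root Directory confinement described above can be enforced in code. The following is an added example, not part of the original post: a Python check that maps a requested path onto an assumed web root and rejects any request that resolves outside it. The function names, directory names and sample requests are constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_in_root(web_root, request_path):
    """Map a request path to a file under web_root; return None if it escapes."""
    root = os.path.realpath(web_root)
    # Decode percent-encoding once, as a server does before touching the disk.
    decoded = unquote(request_path)
    if "\x00" in decoded:
        return None  # NUL bytes are never valid in a file name
    # Treat "\" like "/" and drop leading slashes so join() cannot discard root.
    relative = decoded.replace("\\", "/").lstrip("/")
    # realpath() collapses ".." segments and follows symlinks.
    candidate = os.path.realpath(os.path.join(root, relative))
    # Compare whole path components: a plain startswith() check would accept
    # a sibling directory such as "<root>-private".
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def demo():
    """Run constructed sample requests against a throwaway web root."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "www")
        os.makedirs(os.path.join(root, "images"))
        os.makedirs(os.path.join(base, "www-private"))
        requests = [
            "/index.html",                 # normal request
            "/images/../index.html",       # ".." that stays inside the root
            "/../www-private/notes.txt",   # sibling directory sharing a prefix
            "/images/../../outside.txt",   # climbs above the root
            "/%2e%2e/outside.txt",         # same idea, percent-encoded
            "..\\..\\outside.txt",         # backslash separators
        ]
        return {r: resolve_in_root(root, r) is not None for r in requests}


if __name__ == "__main__":
    for request, allowed in demo().items():
        print("ALLOW" if allowed else "DENY ", request)
```
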


General tip to secure your website from Directory Traversal Attacks
Update your web server's software to the latest version and make sure all patches have been applied.
