読者です 読者をやめる 読者になる 読者になる

by shigemk2

当面は技術的なことしか書かない

What is directory traversal attack?

Directory traversal attack

Directory traversal attack - Wikipedia, the free encyclopedia

A directory traversal (or path traversal) consists in exploiting insufficient security validation / sanitization of user-supplied input file names, so that characters representing "traverse to parent directory" are passed through to the file APIs.

It's sample code.

<?php
$template = 'red.php';
if (isset($_COOKIE['TEMPLATE']))
   $template = $_COOKIE['TEMPLATE'];
include ("/home/users/phpguru/templates/" . $template);
?>

The repeated ../ characters after /home/users/phpguru/templates/ has caused include() to traverse to the root directory, and then include the Unix password file /etc/passwd.