.%2f
.%2e/
Directory Traversal Attacks
Today, some web application frameworks automatically protect against directory
traversal attacks. For example, PHP has a setting called magic_quotes_gpc, which is on
by default. This setting "magically" escapes suspicious characters in GETs, POSTs, and
cookies with a backslash. Thus, the character / is escaped to \/, which stops this attack.
Other web application frameworks do not have general protection mechanisms, and it is
up to the developer to protect against these problems.
Chapter 1: Common Injection Attacks 13
To protect your application from directory traversal attacks, whitelist the acceptable
files; that is, deny all user input except for a small subset like this:
<?php
// Whitelist of permitted page names; anything else falls back to the default.
$languages = array('main-en', 'main-fr', 'main-ru');
$language = $languages[1];
if (isset($_GET['language'])) {
    $tmp = $_GET['language'];
    // Strict search: array_search() returns 0 for the first entry, which is
    // falsy, so compare against false rather than testing the raw result.
    if (array_search($tmp, $languages, true) !== false) {
        $language = $tmp;
    }
}
include("/usr/local/webapp/static_files/" . $language . ".html");
?>
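As an added example (not the book's code; the function names and the log message are my own choices), here is the same whitelist combined with two defensive helpers: one normalizes the URL-encoded variants listed above before testing for traversal, so that rejected requests can be logged rather than silently dropped, and the other confirms that a resolved path still lies inside the static-files directory.

```php
<?php
// Added example, not the book's code; function names are my own.

// Decode percent-encoding repeatedly (bounded) so ".%2e/", "..%2f" and
// double-encoded variants are compared in plain form; treat "\" as "/".
function normalize_path_input(string $raw, int $max_rounds = 3): string {
    $value = $raw;
    for ($i = 0; $i < $max_rounds; $i++) {
        $decoded = rawurldecode($value);
        if ($decoded === $value) { break; }
        $value = $decoded;
    }
    return str_replace('\\', '/', $value);
}

// True when the normalized input carries a ".." segment or a NUL byte.
function looks_like_traversal(string $raw): bool {
    $norm = normalize_path_input($raw);
    if (strpos($norm, "\0") !== false) { return true; }
    return in_array('..', explode('/', $norm), true);
}

// Canonical path of "$base/$name.html", or null if it is missing or
// resolves outside $base (realpath() follows symlinks, so check the result).
function resolve_inside(string $base, string $name): ?string {
    $root = realpath($base);
    $target = realpath($base . '/' . $name . '.html');
    if ($root === false || $target === false) { return null; }
    $prefix = $root . DIRECTORY_SEPARATOR;
    return strncmp($target, $prefix, strlen($prefix)) === 0 ? $target : null;
}

// Whitelist first (as on the page); log, rather than serve, rejected inputs
// that look like traversal so the attempt shows up in monitoring.
$languages = array('main-en', 'main-fr', 'main-ru');
$request = is_string($_GET['language'] ?? null) ? $_GET['language'] : 'main-fr';
if (!in_array($request, $languages, true)) {
    if (looks_like_traversal($request)) {
        error_log('possible directory traversal attempt: ' . $request);
    }
    $request = 'main-fr';
}
$path = resolve_inside('/usr/local/webapp/static_files', $request);
if ($path !== null) { include $path; }
```

The whitelist alone is what blocks the attack; the containment check is a second layer for the case where the list is later replaced by a looser rule.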
XXE (XML eXternal Entity) Attacks
Popularity: 4
Simplicity: 9
Impact: 8
Risk Rating: 8
Like directory traversal attacks, XML external entity attacks allow the attacker to
read arbitrary files on the server, from SSL private keys to password files.