By far the most effective means of eliminating path traversal vulnerabilities is to avoid passing user-submitted data to any file system API. In many cases, including the original example GetImage.aspx?file=diagram1.jpg , it is entirely unnecessary for an application to do this. For most files that are not subject to any access control, the files can simply … Read more
Path traversal vulnerabilities are often subtle and hard to detect, and it may be necessary to prioritize your efforts on locations within the application that are most likely to manifest the vulnerability. Locating Targets for Attack During your initial mapping of the application, you should already have identified any obvious areas of attack surface in … Read more
Many kinds of functionality oblige a web application to read from or write to a file system on the basis of parameters supplied within user requests. If these operations are carried out in an unsafe manner, an attacker can submit crafted input which causes the application to access files that the application designer did not … Read more
The Lightweight Directory Access Protocol (LDAP) is used for accessing directory services over a network. A directory is a hierarchically organized data store that may contain any kind of information but is commonly used to store personal data such as names, telephone numbers, email addresses, and job functions. An example of such a directory is … Read more
Many applications contain a facility for users to submit messages via the application; for example, to report a problem to support personnel or provide feed-back about the web site. This facility is usually implemented by interfacing with a mail (or SMTP) server. Typically, user-supplied input will be inserted into the SMTP conversation that the application server … Read more
The XML Path Language (or XPath) is an interpreted language used for navigating around XML documents, and for retrieving data from within them. In most cases, an XPath expression represents a sequence of steps that is required to navigate from one node of a document to another. Where web applications store data within XML documents, … Read more
The Simple Object Access Protocol (SOAP) is a message-based communications technology that uses the XML format to encapsulate data. It can be used to share information and transmit messages between systems, even if these run on different operating systems and architectures. Its primary use is in web services, and in the context of a browser-accessed … Read more
Many scripting languages support the use of include files. This facility enables developers to place reusable code components into individual files, and to include these within function-specific code files as and when they are needed. The code within the included file is interpreted just as if it had been inserted at the location of the … Read more
The core logic of most web applications is written in interpreted scripting languages like PHP, VBScript, and Perl. In addition to the possibilities for injecting into languages used by other back-end components, a key area of vulnerability concerns injection into the core application code itself. Exposure to this type of attack arises from two main … Read more
In some situations, an application that is vulnerable to SQL injection may implement various input filters that prevent you from exploiting the flaw without restrictions. For example, the application may remove or sanitize certain characters, or may block common SQL keywords. Filters of this kind are often vulnerable to bypasses, and there are numerous tricks … Read more