CWE-22: Path Traversal Vulnerabilities – Security Boulevard
Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
CWE-22, better known as a path traversal vulnerability, is the weakness in which an application builds a file path from externally supplied input without neutralizing sequences such as ../ that point outside the intended directory, so that an attacker can read (or sometimes write) files the application was never meant to expose.
Why path traversal vulnerabilities are problematic
Path traversal lets an attacker read files the application never intended to serve. Some of those files are harmless; others (configuration files, credentials, source code, log files) give the attacker what they need to reach more sensitive parts of the system. Where the vulnerable file operation writes rather than reads, the attacker may also be able to modify or overwrite the files they reach.
Exploiting path traversal requires no special tooling: a web browser and the patience to probe directory after directory for files of interest are enough.
How does path traversal work
As an example, consider an ecommerce website that displays product images with a request like the following:
Note that the showImage parameter accepts the filename of an image and retrieves that image. On the back end, the handler appends the supplied filename to the base directory where images are stored and reads the result (for example, /src/images/product.png).
Without protection (an allow list, a mapping from safe identifiers to filenames, or sanitization of the input), an attacker can abuse the showImage parameter to retrieve other files.
They can also insert ../ sequences, each of which moves one level up the directory tree. A filename that resolves to /src/images/../../../ lands at the filesystem root, from where the attacker can read anything the server process is allowed to, giving them a view of the entire application and its host. Naive filters that look for the literal string ../ are commonly bypassed with URL-encoded (%2e%2e%2f) or doubly encoded variants, which is why decoding must happen before validation.
Mitigating path traversal vulnerabilities
Path traversal vulnerabilities arise when an application accepts user input (directly or indirectly) and uses it to build file paths that the server then opens. The following mitigations are available:
- Attack surface reduction: store as many files as possible outside the web document root, or in a separate directory with appropriate access controls
- Enforcement by conversion: when the set of acceptable files is known, create a mapping from fixed input values (such as product IDs) to the actual filenames, and reject any input not present in the mapping
- Environment hardening: run your code with the lowest privileges it requires; the impact of a successful traversal is then limited to what that account can read or write
- Input validation: accept the input, decode and canonicalize it to the application’s current internal representation, and only then validate it, so that encoded or relative forms of the same path cannot slip past the check. Most languages provide path canonicalization functions that help with this
- Libraries or frameworks: use a library or framework that does not allow this weakness to occur, or that provides constructs which make it easier to avoid
- Sandbox or jail: run your code in an environment that is strictly separated from the rest of the operating system, so that even a successful traversal cannot reach files outside the jail
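The showImage walkthrough above and the mitigation list map directly onto code. The following is an added example (not code from the original post or from ShiftLeft) in Python: a hypothetical vulnerable handler, show_image_vulnerable, is placed beside two hardened forms, show_image_validated (decode, canonicalize, then check containment) and show_image_by_id (enforcement by conversion through a mapping). The image directory, the "secret" file outside it, the planted symlink and the product-ID table are all constructed inside a temporary directory for the demonstration; the payloads include the plain ../ form, its URL-encoded form, an absolute path, and a symlink inside the image directory that points outside it.

```python
import os
import tempfile
import urllib.parse

# Constructed sandbox, not a real deployment: an image directory, a file outside
# it that must never be served (standing in for /etc/passwd), and a symlink
# planted inside the image directory that points outside it.
ROOT = tempfile.mkdtemp(prefix="shop-")
IMAGE_DIR = os.path.join(ROOT, "src", "images")
os.makedirs(IMAGE_DIR)
with open(os.path.join(IMAGE_DIR, "product.png"), "wb") as f:
    f.write(b"PNG-bytes")
SECRET = os.path.join(ROOT, "config", "secrets.txt")
os.makedirs(os.path.dirname(SECRET))
with open(SECRET, "wb") as f:
    f.write(b"db_password=hunter2\n")
os.symlink(SECRET, os.path.join(IMAGE_DIR, "thumb.png"))


class PathTraversalError(ValueError):
    pass


def show_image_vulnerable(filename: str) -> bytes:
    """The weakness: the request parameter is appended to the base directory
    with no validation, as the showImage handler in the article is described."""
    decoded = urllib.parse.unquote(filename)   # web frameworks decode before use
    path = os.path.join(IMAGE_DIR, decoded)    # "../" passes through; an absolute
    with open(path, "rb") as f:                # path even discards IMAGE_DIR
        return f.read()


def resolve_inside(base_dir: str, untrusted_name: str) -> str:
    """Input validation: decode, canonicalize, then check containment.
    Returns the canonical path or raises PathTraversalError."""
    decoded = urllib.parse.unquote(untrusted_name)
    if "\x00" in decoded:
        raise PathTraversalError("NUL byte in filename")
    base = os.path.realpath(base_dir)
    # realpath collapses "../" segments and follows symlinks, so a link planted
    # inside base_dir that points outside it is rejected as well.
    candidate = os.path.realpath(os.path.join(base, decoded))
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{decoded!r} escapes {base_dir}")
    return candidate


def show_image_validated(filename: str) -> bytes:
    """Hardened handler for the case where a filename must be accepted."""
    with open(resolve_inside(IMAGE_DIR, filename), "rb") as f:
        return f.read()


# Enforcement by conversion: the client sends an opaque product ID and the
# server maps it to a filename; nothing from the request reaches the filesystem.
PRODUCT_IMAGES = {"1001": "product.png"}   # hypothetical lookup table


def show_image_by_id(product_id: str) -> bytes:
    """Hardened handler using the mapping, with the containment check kept as
    defence in depth for the looked-up name."""
    if product_id not in PRODUCT_IMAGES:
        raise PathTraversalError(f"unknown product {product_id!r}")
    with open(resolve_inside(IMAGE_DIR, PRODUCT_IMAGES[product_id]), "rb") as f:
        return f.read()


def probe(handler, arg: str):
    """Returns the bytes served, or 'rejected' if the handler refused the request."""
    try:
        return handler(arg)
    except PathTraversalError:
        return "rejected"


if __name__ == "__main__":
    payloads = ["product.png", "../../config/secrets.txt",
                "%2e%2e%2f%2e%2e%2fconfig%2fsecrets.txt", SECRET, "thumb.png"]
    for p in payloads:
        print(f"{p[-40:]:>40}  vulnerable={probe(show_image_vulnerable, p)!r}  "
              f"validated={probe(show_image_validated, p)!r}")
    print("by id 1001:", probe(show_image_by_id, "1001"))
    print("by id ../..:", probe(show_image_by_id, "../../config/secrets.txt"))
```

Two design points are worth noting. The containment check compares canonical paths with os.path.commonpath rather than a string prefix test, because a prefix test would accept /src/images-private when the base is /src/images. And the check is applied even to the filename that comes out of the mapping: the mapping is the primary control, but validating its output costs nothing and protects against a table that is later populated from a less trusted source.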
Path traversal attacks occur when an attacker reaches files they should not be able to by supplying relative path segments (such as ../) or absolute paths that escape the directory the application intended to serve from. The severity of the exploit depends on which files the attacker can read or write.
CWE-22: Path Traversal Vulnerabilities was originally posted on ShiftLeft Blog on Medium, where people continue the conversation by highlighting and responding to this story.
*** This is a Security Bloggers Network syndicated blog from ShiftLeft Blog – Medium, written by Katie Horne. Read the original post at: https://blog.shiftleft.io/cwe-22-path-traversal-vulnerabilities-95b830ddccd2?source=rss—-86a4f941c7da—4