Test Methods (Detailed Overview)

Here is a list of every test performed by Web Scan Service.

Directory Traversal Arbitrary File Download

Remediation Task

Validate user input

WASC Classification

Information Disclosure: Path Traversal

Affected Products

This issue may affect different types of products

Technical Description

Many web servers do not validate or sanitize requests for paths outside the virtual web server root directory. This allows remote users to break out of the web server's root directory by using relative paths. Here are some examples of requests, using several encoding variants, that may cause the web server to return files outside the root directory:

[1] http://TARGET/../../../../../../../../some_file
[2] http://TARGET/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/some_file
[3] http://TARGET/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/some_file
[4] GET \..\..\..\..\..\..\..\..\some_file

Variant 1 does not use any kind of URL encoding. Variant 2 uses URL encoding of the dot ('.'); this may help with bypassing IDS systems or patched versions of web servers that were vulnerable to variant 1. Variant 3 uses a Unicode-encoded dot ('.'); this may help with bypassing IDS systems or patched versions of web servers that were vulnerable to variants 1 and 2. Variant 4 uses the same basic method as variant 1 but with backslashes, which may work against several web servers that are installed on Win32 systems.
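As an added example (not part of the scan service's test or of any web server's code), the following Python check resolves a requested path against the web root and refuses all four variants above; it also refuses double percent-encoding, which goes beyond the variants the description lists. The root directory and the variant strings are constructed for the example.

```python
import posixpath
from urllib.parse import unquote

# Assumed web root for this example (constructed, not from the scanner).
WEB_ROOT = "/var/www/html"


def is_safe_request_path(root: str, request_path: str) -> bool:
    """Return True only if request_path resolves to a location under root.

    Steps: percent-decode twice (catches double-encoded '%252e'), reject
    decodings that are not valid UTF-8 (the overlong %c0%ae dot of variant 3
    is refused here), treat backslashes as separators (variant 4), then
    resolve '.' and '..' segments lexically against root (variants 1 and 2).
    """
    try:
        # errors="strict" makes invalid/overlong UTF-8 raise instead of being
        # silently replaced, so an undecodable request is refused outright.
        decoded = unquote(unquote(request_path, errors="strict"), errors="strict")
    except UnicodeDecodeError:
        return False
    if "\x00" in decoded:  # an embedded NUL can truncate the path in C code
        return False
    decoded = decoded.replace("\\", "/")
    root_norm = posixpath.normpath(root)
    # Join under root and collapse "." / ".." purely lexically; normpath never
    # touches the filesystem, so no symlink or I/O is involved in the check.
    resolved = posixpath.normpath(posixpath.join(root_norm, decoded.lstrip("/")))
    return resolved == root_norm or resolved.startswith(root_norm + "/")


# The four request variants listed above (constructed from the description).
PAGE_VARIANTS = [
    "/../../../../../../../../some_file",
    "/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/some_file",
    "/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/%c0%ae%c0%ae/some_file",
    "\\..\\..\\..\\..\\..\\..\\..\\..\\some_file",
]


def rejected_variants(root: str = WEB_ROOT) -> int:
    """Number of PAGE_VARIANTS the check refuses (all four are expected)."""
    return sum(not is_safe_request_path(root, p) for p in PAGE_VARIANTS)


if __name__ == "__main__":
    for path in PAGE_VARIANTS + ["/index.html", "/css/../style.css"]:
        verdict = "allowed" if is_safe_request_path(WEB_ROOT, path) else "REJECTED"
        print(f"{path!r:70} -> {verdict}")
```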

Fix Recommendation

Because this problem is server-specific, we suggest that you contact your server's vendor for a security patch immediately.