Scribd Logo
Upload

Welcome to Scribd!

  • Lab18 Path Traversal Vulnerabilities

    Uploaded by

    truongvg2003
    3 views2 pages

    Original Title

    Lab18 Path traversal vulnerabilities

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    3 views2 pages

    Lab18 Path Traversal Vulnerabilities

    Uploaded by

    truongvg2003

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 2

    Lab 18: Path traversal vulnerabilities

    Objective:
    - This lab is focused on exploring Path Traversal vulnerabilities, a type of security flaw where
    an attacker can access and potentially manipulate files on a server that are not intended to
    be accessible through the web application. Participants will interact with a simulated
    environment featuring a web application with path traversal vulnerabilities. The objective is
    to understand how these vulnerabilities are exploited, their potential impact on system
    security, and the strategies for mitigating them.

    In this lab, students need to:


     Answer the following questions:
    o What is a Path Traversal vulnerability, and how does it differ from other types of web
    application vulnerabilities? Explain the concept of path traversal, including how
    attackers can manipulate input to access or manipulate files outside of the intended
    directory.
    Path Traversel vulnerability is when attacker can modify a parameter or url to change
    directory to other unauthorized files of the current file.
    o Describe the process for exploiting a Path Traversal vulnerability in a web application.
    What are the common methods or techniques used by attackers to manipulate file
    paths, and how can these methods compromise the security of a server?
    Attacker usually find places that the web application return a file so he can manipulate
    it. The common methods are injecting “../” to traverse back and forth in the target
    system’s directory. The consequences are letting unauthorized access to important files
    such as credentials or configuration files and CIA triad breach.
     Perform challenge:
    o File path traversal, traversal sequences blocked with absolute path bypass
     Explain and capture all steps (full windows screen capture).

    Submit a report addressing all the questions mentioned above in either PDF or Markdown format.
    Additionally, include a video demonstrating the detailed process of your work to ensure the
    authenticity of your lab exercise.
    The report file name must be Class_YourStudentID _YourName_Lab18

    In this lab, there is a paremeter called “?filename=74.jpg” that is requested for image render. Instead
    of tell the server to return the image, we can replace it with the file “/etc/passwd”
    VIDEO LINK: LAB18_PathTraversal.mp4

    You might also like