Directory Traversal is when attackers are able to trawl through the directory structure of a website by accessing them directly, instead of through a routing system or only the allowed files, which can allow attackers direct access to view source code or other sensitive documents stored serverside.
Located
Auth2.php / Auth2
HTTP request type
GET Request
Vunerable parameter / behaviour
The 'FileToView' parameter of Auth2 which allows attackers to access server-side source code
Payload / actions for reproduction
In the URL enter /includes
This displays a list of server-side php files
On the Auth2 page, in the url change the FileToView query parameter to any of the php files
The php source code is now displayed client side
Code Fix
Use a .htaccess to prevent leaking information about server structure
Use an allowlist of files which are valid to view in Auth2
Vulnerability
Directory Traversal
Description
Directory Traversal is when attackers are able to trawl through the directory structure of a website by accessing them directly, instead of through a routing system or only the allowed files, which can allow attackers direct access to view source code or other sensitive documents stored serverside.
Located
Auth2.php / Auth2
HTTP request type
GET Request
Vunerable parameter / behaviour
The 'FileToView' parameter of Auth2 which allows attackers to access server-side source code
Payload / actions for reproduction
Code Fix