What is a Directory/Path Traversal attack and how can you block it?
Directory Traversal or Path Traversal is an HTTP exploit that allows an attacker to access restricted files, directories and commands that reside outside the web server’s root directory. It is also known as the ../ (dot dot slash) attack, directory climbing, and backtracking.
These kind of attacks are commonly performed using web browsers.
An attacker may manipulate a URL in such way that the site will reveal the confined files on the web server. They use an affected application to gain unauthorized access to the file system.
Typically, these attacks are used in order to gain access to sensitive information stored within files either within other areas of a web application, as well as other parts of the filesystem which the web server can read. Since files containing sensitive information may contain secret information such as passwords, access tokens or backups, a successful Directory / Path Traversal attack may allow an attacker to take their reconnaissance further, or exploit other vulnerabilities within the web application.
So, if an attacker discovers a directory traversal vulnerability, it is only a matter of time before they compromise your system.
An example in PHP that is vulnerable to Directory / Path Traversal:
* Get the filename from a GET input
* Example - http://example.com/?file=filename.php
$file = $_GET['file'];
* Unsafely include the file
* Example - filename.php
file_get_contents('directory/' . $file);
An attacker could make the following request to trick the application into divulging the contents of the /etc/passwd system file:
<span style="font-family: 'Andale Mono', AndaleMono, monospace;">http://example.com/?file=../../../../etc/passwd</span>
In this example, an attacker could have use Directory / Path Traversal to obtain the contents of the /etc/passwd file, which contains a list of users on the server. Similarly, an attacker may leverage the Directory / Path Traversal vulnerability to gain access to credentials, logs and other sensitive information that may help advance an attack.
How to block Directory / Paths Traversal attacks
Shield ensures your WordPress site security by automatically checking for Directory / Path Traversal and other vulnerabilities.
To block directory traversal paths in application parameters (e.g. ../, ../../etc/passwd, etc), you can use Shield's Firewall.
Important: There is typically no need for file paths that indicates attempts to move between directories on the filesystem. Be careful, as this might interfere with sites that publish content containing code snippets – it might be an idea to use the “Ignore Administrators” option.
Simply go to the Shield main menu > Config > Firewall module > Firewall Blocking > and enable Directory Traversals option:
To learn more about the Shield's Firewall module, read this article here.