After some reconnaissance efforts, an attacker identified a web server hosted on a Linux system. The attacker then entered the URL shown below:
http://192.168.46.82:45/vulnerabilities/fi/?page=../../../../../etc/httpd/httpd.conf
Which type of web vulnerability is being exploited by the attacker?
- stored XSS
- reflected XSS
- directory traversal
- cookie manipulation
Explanation & Hint: A directory traversal vulnerability (often called path traversal) can allow attackers to access files and directories stored outside the web root folder. It is possible to exploit path traversal vulnerabilities by manipulating variables that reference files with the dot-dot-slash (../) sequence and its variations or by using absolute file paths to access files on the vulnerable system. In this example, the attacker is trying to view the web server configuration file.
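The server-side check that stops this request, as an added example that is not part of the original question: the `page` value is canonicalized and must stay inside the include directory, which rejects both the dot-dot-slash form and an absolute path. The directory `/var/www/html/pages` and the function names are assumptions made for illustration.

```python
import os
from urllib.parse import urlsplit, parse_qs

WEB_ROOT = "/var/www/html/pages"  # assumed include directory, not from the question


def page_param(url):
    """Extract the decoded `page` query parameter from a request URL."""
    return parse_qs(urlsplit(url).query).get("page", [""])[0]


def naive_path(page, root=WEB_ROOT):
    """Vulnerable pattern: trusts the parameter and joins it to the root."""
    return os.path.normpath(os.path.join(root, page))


def safe_path(page, root=WEB_ROOT):
    """Return the canonical path if it stays inside root, otherwise None."""
    root_real = os.path.realpath(root)
    # os.path.join() drops the root when `page` is absolute, so an absolute
    # path ends up outside root_real and fails the containment check as well.
    candidate = os.path.realpath(os.path.join(root_real, page))
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


# Request URL taken from the question above.
REQUEST = ("http://192.168.46.82:45/vulnerabilities/fi/"
           "?page=../../../../../etc/httpd/httpd.conf")

if __name__ == "__main__":
    samples = (
        page_param(REQUEST),       # dot-dot-slash form from the question
        "/etc/httpd/httpd.conf",   # absolute-path form (constructed sample)
        "about.html",              # legitimate page name (constructed sample)
    )
    for value in samples:
        print(f"{value!r}\n  naive -> {naive_path(value)!r}"
              f"\n  safe  -> {safe_path(value)!r}")
```

Because the check runs on the resolved path rather than on the raw string, it does not depend on recognizing any particular spelling of `../`.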