Questions tagged [path-traversal]

36 questions
48 votes, 3 answers

What's the best way to defend against a path traversal attack?

I have a Java server implementation (TFTP if it matters to you) and I'd like to ensure that it's not susceptible to path traversal attacks allowing access to files and locations that shouldn't be available. My best attempt at defending so far is…
Rob Oxspring
19 votes, 2 answers

Filtering upwards path traversal in Java (or Scala)

Are there any standard library methods that can filter out paths which include special traversal sequences, such as ../ and all other convoluted forms of upwards directory traversal, to safeguard a file path API input from traversing upwards of a…
matanster
3 votes, 1 answer

A Path Traversal vulnerability in asp.net core

I already tried these solutions: "Does my code prevent directory traversal in C#?", "Is Path Traversal Vulnerabilities possible in my below code?", "How to prevent Path Traversal in .NET", "How to avoid Directory Traversal in my code". But still, Checkmarx…
gaurav bhavsar
3 votes, 2 answers

Input_Path_Not_Canonicalized - Path Traversal Vulnerability in Checkmarx

I am facing path traversal vulnerability while analyzing code through checkmarx. I am fetching path with below code: String path = System.getenv(variableName); and "path" variable value is traversing through many functions and finally used in one…
dev29
3 votes, 1 answer

How to deal with Path Traversal?

I'm trying to understand how to deal (in a secure way) with Path Traversal. For example, an application receives from a client a file name via REST API in JSON, looks for it in the non-accessible (by outside) directory and retrieves a response with the…
cobofe
3 votes, 2 answers

How do I fix SCS0018?

Security Scan SCS0018 warnings in Visual Studio are shown during the build. Currently, I am working on getting these warnings removed. I tried several MSDN sites but no luck. I have also read OWASP but they are not clearly related to C#. Please find…
2 votes, 2 answers

How can I perform a path traversal attack on this service hosted in IIS?

Background: I am attempting to perform a path traversal attack on a vulnerable service hosted in IIS. The service is something like this: GET /api/download/{file-name} The underlying code is something like this: return File.Read("some/directory/" +…
srk
2 votes, 1 answer

Path traversal with python request

Recently I wanted to automate an attack for a web app that is prone to path traversal attacks (NVMS1000) via the Python requests module. The request works perfectly with curl by using the option path-as-is: curl --path-as-is…
Julian12
1 vote, 0 answers

Path Traversal vulnerability for a file object

I'm trying to fix a Path Traversal vulnerability raised by GitLab SAST in the Java source code. There is a scenario where I am creating a file object by passing in an input string, then creating a file output stream to write to the file represented by…
Poonam
1 vote, 1 answer

Path traversal vulnerability

The concept of path traversal is new to me; I need some guidance, please. In my project I have the following lines of code: uploadimg.SaveAs(Server.MapPath("tempfiles/" + fUIName)); FileUpload1.SaveAs(Server.MapPath("tempfiles/" + fSIName)); Is this code is…
1 vote, 1 answer

ASP.NET - Path Traversal exploit when downloading a File

How could I solve this problem in that code? I've tried some approaches, but I couldn't pass the Checkmarx test (system used to perform the scan). FinalUploadFolder comes from the WebConfig file, which is where the files are saved. public FileResult…
AllPower
1 vote, 1 answer

Having issues with Dijkstra's algorithm

Trying to implement Dijkstra's via the instructions in this article: https://medium.com/@adriennetjohnson/a-walkthrough-of-dijkstras-algorithm-in-javascript-e94b74192026 My repl below: https://repl.it/@Stylebender/DJIK#index.js The actual Dijkstra…
1 vote, 1 answer

Java webapp code returning with a path traversal problem when tested in a bot

So I have been given the task of fixing a path traversal problem in a basic Java web app, but I am quite stuck. We are meant to essentially make sure the code is secure, while maintaining functionality (which is the part I am struggling with). So far…
ismaeel ali
1 vote, 1 answer

Nested PathTransitions in JavaFX

I am trying to get my node to travel along the path of a circle, and at the same time have THAT circle travel along the path of a rectangle. Is it possible? This is what I have so far: void move(GamePane aThis) { double speed = 10; …
0 votes, 0 answers

HTTP protocol URL REACT and NODEJS compared to using http protocol URL as file system

So my question is about the URL as filesystem against the new web approach of NODEJS+EXPRESS and REACT. Let's assume that we have in the root directory '/' the following files: root '/' directory: index.html image_super.jpg images_secret…