The concept of path traversal is new to me; I need some guidance, please.
In my project I have the following lines of code:
uploadimg.SaveAs(Server.MapPath("tempfiles/" + fUIName));
FileUpload1.SaveAs(Server.MapPath("tempfiles/" + fSIName));
Is this code vulnerable to a path traversal vulnerability?
Can anyone help me understand the concept of path traversal and how to remove/avoid it? Thanks!
Edit 1:
I should also mention that I am storing files in the tempfiles folder temporarily. After the purpose of saving the file is fulfilled, I delete the files from tempfiles. So can I skip this vulnerability?
Please guide.
Thanks!
Path traversal means that someone uploads a file to your site and can access it directly from the URL (if he knows the path, or can find it from some other page).
E.g., let's say that you upload a pdf file named file.pdf at tempfiles/. Then you probably show it on some page as http://example.com/tempfiles/file.pdf. Now the attacker knows where the file is uploaded, and then uploads to you some other file, maybe an html with fraud, maybe some server browser in an aspx page etc... and directly calls it from the url.
Solutions
You can upload all the files to a secure folder like App_Data that you can not access directly. You can upload it to a folder where you change the permissions, and again you can not access it directly (see here how you can do that: How to set correct file permissions for ASP.NET on IIS).
You can limit the extensions of what you upload and allow only images for example, and put that on that directory to avoid anyone running anything there.
Now, if you upload a pdf to a directory that the user can not access directly from the url, you need to create a handler that returns the uploaded files. The handler must know if the user is allowed to view the file, if the file is safe, if the file comes directly from the site.
Some simple examples: file download by calling .ashx page and Alternate image display in asp.net.
And one last solution is to check the referrer and make sure that it is coming from your site and is not a direct call from the url, using HttpContext.Current.Request.UrlReferrer.Host. Meaning that the user is uploading an image, but is allowed to view it only if the request comes from a page of your site using some link.
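An added example (my own code, not from the question or the answer): it shows what the question's "tempfiles/" + fUIName concatenation resolves to when the client-supplied file name contains "..", and a Resolve helper that keeps the save inside the upload folder and applies the answer's "limit the extensions" advice. It assumes Windows path semantics as in the question's IIS deployment; AllowedExtensions, Resolve and the sample names are my own.

```csharp
using System;
using System.IO;

// Added example (not from the question or the answer): shows what the
// question's Server.MapPath("tempfiles/" + name) pattern yields for a
// traversal-style name, and a Resolve() that confines saves to one folder.
static class SafeUploadPath
{
    // Hypothetical allow-list, following the answer's "limit the extensions" advice.
    static readonly string[] AllowedExtensions = { ".png", ".jpg", ".pdf" };

    // Returns the full path to write to, or throws when the client-supplied
    // name has a disallowed extension or would land outside baseDir.
    public static string Resolve(string baseDir, string clientName)
    {
        // Keep only the leaf name: "../../web.config" -> "web.config".
        string leaf = Path.GetFileName(clientName);
        if (string.IsNullOrWhiteSpace(leaf))
            throw new ArgumentException("empty file name");

        string ext = Path.GetExtension(leaf).ToLowerInvariant();
        if (Array.IndexOf(AllowedExtensions, ext) < 0)
            throw new ArgumentException("extension not allowed: " + ext);

        // Canonicalise and verify the result still starts with the upload root.
        string root = Path.GetFullPath(baseDir).TrimEnd(Path.DirectorySeparatorChar)
                      + Path.DirectorySeparatorChar;
        string full = Path.GetFullPath(Path.Combine(root, leaf));
        if (!full.StartsWith(root, StringComparison.OrdinalIgnoreCase))
            throw new ArgumentException("path escapes upload directory");
        return full;
    }

    static void Main()
    {
        // Stands in for Server.MapPath("tempfiles/"); the names below are constructed samples.
        string baseDir = Path.Combine(Path.GetTempPath(), "site", "tempfiles");
        string[] names = { "photo.png", "../../web.config", "shell.aspx" };
        foreach (string n in names)
        {
            // What the question's unchecked concatenation resolves to (may leave tempfiles).
            string naive = Path.GetFullPath(baseDir + "/" + n);
            Console.WriteLine("naive  : " + n + " -> " + naive);
            try { Console.WriteLine("checked: " + n + " -> " + Resolve(baseDir, n)); }
            catch (ArgumentException e) { Console.WriteLine("checked: " + n + " -> rejected (" + e.Message + ")"); }
        }
    }
}
```

The "naive" lines show the second sample name resolving to a file two levels above tempfiles, while Resolve either keeps the write inside the folder or rejects the name outright.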