PHP Security: Directory Traversal and Code Injection

A security expert offers a brief introduction to two of the most prominent types of cybersecurity vulnerabilities, directory traversal and code injection.
Most web vulnerabilities are the result of bad coding habits or a lack of PHP security awareness among developers. Probably all of them stem from the same root cause: user input, which plays a critical role in the security of a web application, is being trusted. This is probably the single point of failure behind the many different attacks we have seen over the years.
In this post, we will be taking a look at PHP security problems associated with Directory Traversal and Code Injection, as well as giving examples of insecure PHP code.
Directory Traversal is an attack in which an authenticated or unauthenticated user can request and view or execute files which reside outside the root directory of a web application, or outside a directory to which they should be restricted.
On a system vulnerable to directory traversal, an attacker can step out of the root directory and access other parts of the file system. This might give the attacker the ability to view restricted files, or, even worse, execute commands on the server, which can lead to a full compromise of the system. It is not uncommon to chain multiple vulnerabilities such as directory traversal and code execution in an attempt to escalate privileges.
In a code injection vulnerability, an attacker takes advantage of a script containing functions that allow system/shell commands to be executed. If user input is passed unrestricted to these functions, it is possible to inject code that the system will then execute. This essentially gives an attacker a low-privileged shell, which opens the door to many otherwise restricted actions, such as accessing private documents that may contain sensitive data. It can also be used to view the source code of the application, which could expose passwords or other sensitive information and reveal other vulnerabilities. As if things couldn’t get any worse, under certain circumstances it might be possible for an attacker to perform privilege escalation and eventually gain root access, compromising the machine.
We have established that both attacks can be very dangerous. By following some simple steps, however, the risk of being exposed to either can be greatly reduced.
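As an added example (not code from the original article), here is the directory traversal pattern described above, with the insecure file read beside a hardened one. The function names, the temporary directory layout and the file contents are constructed for illustration, and PHP 8 is assumed.

```php
<?php
declare(strict_types=1);

// Insecure pattern: the request parameter is appended to the path as-is,
// so "../" sequences in $name step out of the intended directory.
function readPageInsecure(string $baseDir, string $name): string|false
{
    return @file_get_contents($baseDir . '/' . $name);
}

// Hardened pattern: canonicalise the path, then confirm it is still inside
// the base directory before reading the file.
function readPageSafe(string $baseDir, string $name): ?string
{
    $base = realpath($baseDir);
    if ($base === false || str_contains($name, "\0")) {
        return null;
    }
    // realpath() resolves "..", "." and symlinks; it returns false when
    // the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The trailing separator stops a sibling such as "pages-old" from
    // passing a prefix check against "pages".
    if (!str_starts_with($target, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    $data = file_get_contents($target);
    return $data === false ? null : $data;
}

// Constructed sample layout in a temp directory so the demo runs offline.
$root = sys_get_temp_dir() . '/traversal_demo_' . getmypid();
mkdir($root . '/pages', 0700, true);
file_put_contents($root . '/pages/about.txt', 'About us');
file_put_contents($root . '/secret.txt', 'db_password=example');

// Constructed inputs: one legitimate page name, one traversal attempt.
foreach (['about.txt', '../secret.txt'] as $input) {
    $insecure = readPageInsecure($root . '/pages', $input);
    $safe = readPageSafe($root . '/pages', $input);
    printf("%-14s insecure=%s safe=%s\n", $input,
        var_export($insecure, true), var_export($safe, true));
}
```

The containment check runs on the canonical path rather than on the raw input, so it does not depend on filtering particular character sequences out of the parameter.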