Hey,
What would be a good way to protect a custom server against directory traversal attacks besides filtering [..], [%] characters?
Cheers,
:afrog:
From where? The console of that computer? Within the LAN? A connection to a web server on that computer from the WAN?
Thanks for your reply.
I mean inside the software; I am developing a small custom file server that has to be protected against forced directory traversal attacks.
If you don't give me enough information, I can't help you. Software accessed how? From the console of that computer? From within the LAN? From a connection to a web server on that computer from the WAN? Whether it's "inside the software" or not is meaningless. Do you mean not allowing users who access a web server to see the directories? If it's a file server, you want your users to access the files - that's the function of a file server.
I am writing a simple file server.
I just want to know what kind of characters I need to filter out to prevent directory traversal attacks.
For example, /opt/../ would be such an example. [..] would need to get filtered out.
What other characters are unsafe?
Cheers,
:afrog:
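An added example, not part of the thread: one alternative to filtering characters is to canonicalise the requested path and check that the result still lies under the served root. The function names, directory layout and sample requests are constructed for illustration, and the code assumes a POSIX system where symlinks can be created.

```python
import os
import tempfile
from urllib.parse import unquote


def resolve_under_root(root, requested):
    """Map a client-supplied path to a real file path, or raise PermissionError."""
    root_real = os.path.realpath(root)
    decoded = unquote(requested)            # decode exactly once, before any check
    if "\x00" in decoded:
        raise PermissionError("NUL byte in path")
    # Treat the request as relative to the served root, then canonicalise:
    # realpath() collapses "." and ".." and follows symlinks.
    candidate = os.path.realpath(os.path.join(root_real, decoded.lstrip("/")))
    # Containment check on the canonical result, not on the raw characters.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PermissionError("path escapes served root")
    return candidate


def is_allowed(root, requested):
    try:
        resolve_under_root(root, requested)
        return True
    except PermissionError:
        return False


def demo():
    """Build a constructed directory tree and classify sample requests."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "served")
        os.makedirs(os.path.join(root, "pub"))
        open(os.path.join(root, "pub", "readme.txt"), "w").close()
        open(os.path.join(base, "secret.txt"), "w").close()    # outside the root
        # Symlink inside the root pointing outside: no character filter sees this.
        os.symlink(os.path.join(base, "secret.txt"), os.path.join(root, "pub", "link"))
        requests = ["pub/readme.txt", "/pub/./readme.txt", "../secret.txt",
                    "pub/%2e%2e/%2e%2e/secret.txt", "pub/link"]
        return {r: is_allowed(root, r) for r in requests}


if __name__ == "__main__":
    for req, ok in demo().items():
        print(f"{'ALLOW' if ok else 'DENY ':5}  {req}")
```

The server should open the path returned by `resolve_under_root`, not the original request string, so that the file served is the one that was checked.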