Directory Transversal

**iaarchia** · Aug 31st, 2006, 03:43 AM

Hey,

What would be a good way to protect a custom server against directory traversal attacks besides filtering [..], [%] characters?

Cheers,

**Al42** · Aug 31st, 2006, 04:28 PM

From where? The console of that computer? Within the LAN? A connection to a web server on that computer from the WAN?

**iaarchia** · Aug 31st, 2006, 05:45 PM

Thanks for your reply.

I mean inside the software; I am developing a small custom file server that has to be protected against forced directory transversal attacks.

**Al42** · Sep 1st, 2006, 02:25 PM

If you don't give me enough information, I can't help you. Software accessed how? From the console of that computer? From within the LAN? From a connection to a web server on that computer from the WAN? Whether it's "inside the software" or not is meaningless. Do you mean not allow users accessing a web server from seeing the directories? If it's a file server, you want your users to access the files - that's the function of a file server.

**iaarchia** · Sep 1st, 2006, 08:45 PM

I am writing a simple file server.

I just want to know what kind of characters I need to filter out to prevent directory traversal attacks.

For example, /opt/../ would be such an example. [..] would need to get filtered out.

What other characters are unsafe?

Cheers,

Thread: Directory Transversal

Thread Tools

Display

Directory Transversal

Re: Directory Transversal

Re: Directory Transversal

Re: Directory Transversal

Re: Directory Transversal

Posting Permissions