Skip to main content
Information Security

Questions tagged [path-injection]

The tag has no summary.

Filter by
Sorted by
Tagged with
2 votes
0 answers
93 views

TL;DR: seeing a website attack that's new to us, wondering if it is a known thing, or if it's directed at some framework that we're not using. The attack is against a site's index.php script and feeds ...
1 vote
1 answer
109 views

I am pentesting an http server using jetty, where I have access to the code. One of the urls I am looking at is get /services/test.js Looking at the code below: @GET @Path("services/{...
1 vote
0 answers
195 views

I am pentesting an application. The application exposes a SOAP API, which I have access to, and internally that API makes the following call: File.Open("C:\Resources\"+resName+".res&...
2 votes
1 answer
874 views

I used zap to scan one of my websites and found a path traversal issue. These are the informations: Attack: c:/ URL: www.example.com/example.php Parameter: mail I am now tinkering around in the ...
Roman's user avatar
  • 157
2 votes
1 answer
176 views

Are there any dangers of extending my PATH, say by adding /Users/me/bin?
gen's user avatar
  • 1,670
4 votes
1 answer
4k views

I have a binary that does this: if (strstr(USERCONTROLLERSTRING, "..")) exit; fopen(CurrentPath+"\\Data\\"+USERCONTROLLEDSTRING, "r"); then spits out all the content of the file. Is there any obvious ...
8 votes
2 answers
3k views

First of all, let me mention that I’m assuming a configuration as set up by current Linux desktop distributions (e. g. Debian, Fedora). I’m sure that there are methods which, if implemented, would ...
1 vote
3 answers
11k views

Is it possible to perform path traversal by setting the filename of an uploaded path to include a path? Does Windows/Linux/any other operating system allow such filenames? For example, naming a file "...

15 30 50 per page
1
2 3

AltStyle によって変換されたページ (->オリジナル) /