0

I remember reading a while ago how it's possible for someone to access your computers filesystem from the website. I want to know how to do it, so I can test and prevent it from happening.

Running Apache 2.4 on Windows via XAMPP

My virtualhost is set up like so:

<VirtualHost *:80>
    ServerName local.scrap
    DocumentRoot "D:/Dropbox/www/scrap/public_html/"
    <Directory "D:/Dropbox/www/scrap/">
    Order allow,deny
    Allow from all
    Require all granted
    </Directory>
    ErrorLog "D:/Dropbox/www/scrap/logs/error.log"
</VirtualHost>

There is an index2.html in scrap/ and index.html in scrap/public_html/

hosts is set up to be 127.0.0.1 local.scrap

If I type the URL http://local.scrap/ I get index.html. If I type the URL http://local.scrap/../index2.html it gets redirected to http://local.scrap/index2.html

Why is the ../ URL getting redirected to the DocumentRoot path?

SilverlightFox
  • 32,436
  • 11
  • 76
  • 145
tgun926
  • 1,573
  • 4
  • 21
  • 37
  • It would be a horrible security problem if you were able to access the parent of a `public_html` directory. Apache is designed to prohibit exactly that behavior. – larsks Aug 14 '15 at 13:52

2 Answers2

1

Often times a non-malicious user-agent will resolve ../ in the URL before it ever contacts the server. But even without that, webservers are designe to not allow that kind of directory traversal outside of context roots.

You'd need to test with telnet/netcat/s_client to be sure.

covener
  • 17,402
  • 2
  • 31
  • 45
0

If there's a directory traversal or LFI vulnerability in the website application code then this might indeed be possible.

Also, some webservers have directory traversal vulnerabilities. However, the current version of Apache has no known weaknesses in this respect.

SilverlightFox
  • 32,436
  • 11
  • 76
  • 145