filter special characters from permalinks i.e domain.com/?p=c%3A%2F

Asked Mar 02 '21 at 11:53

Active Mar 02 '21 at 11:53

Viewed 40 times

whenever I scan my website for security in OWASP ZAP it always show the high risk vulnerability of path traversal attack from certain urls i.e

domain.com/?p=c%3A%2F
domain.com/?post_type=c%3A%2F
domain.com/?s=c%3A%2F

How can I secure my website from these kind of path traversal attacks?

asked Mar 02 '21 at 11:53

Zeeshan ali

Are you _using_ these values in any file system or URL context? Otherwise, where is the path traversal possibility supposed to be here? – CBroe Mar 02 '21 at 12:09
@CBroe No, The software I use to scan for security tells me that these kind of url context can cause path traversal attack. That's why I want to make them secure but don't understand how to do it. I've tried many things but didn't work. – Zeeshan ali Mar 02 '21 at 12:35
_“Can”_ is the operative word here. If you do not _use_ these parameters in any “path context”, then there is no vector for attack here. _“That's why I want to make them secure but don't understand how to do it.”_ - you can not “secure” anything, if you have not even properly understood what the _issue_ is to begin with. So I would suggest you go read up on that _properly_ first of all now. – CBroe Mar 02 '21 at 12:38

0 Answers0