Questions tagged [path-traversal]

36 questions
0 votes, 1 answer

Is path traversal possible using Java's File constructor?

I'm building a webservice where users can upload zip files that get unzipped and saved to our server. I created the following function to open a file in a specified path: private File secureOpenFile(String fileName, String directorypath){ …
rmeertens
0 votes, 1 answer

Getting a path traversal flag in Zap OWASP, but parameters are perfectly valid

A penetration test using OWASP Zap is finding a number of Path Traversal 'vulnerabilities' but either the report isn't telling me the whole story, or they seem perfectly safe to me. Eg: URL: http://[xxxx]/News/GetContactsList/2 Parameter:…
Steve Owen
0 votes, 2 answers

IBM AppScan Security PathTraversal issue in File.Copy method in VB.Net

I ran the IBM AppScan tool on a VB.Net source. I am getting one security issue in File.Copy method under Path Traversal category. Issue Detail - Vulnerability Type - PathTraversal This API accepts a directory, a filename, or both. If user supplied data…
0 votes, 1 answer

ZAP reports there's a path traversal vulnerability. How did it find it?

I was testing a web application with ZAP and it reports a path traversal vulnerability. I understand how it works (at least, I think so), so I reviewed the code, tested the URLs, but I could not find where to fix the vulnerability. I only know…
JonDoe297
0 votes, 2 answers

Pass Sonar's PT_RELATIVE_PATH_TRAVERSAL in Java

I've got two issues Sonar is sad about. The first one is in a line of code with a relative path traversal issue, which looks like this: File f = new File(MY_DIR + filename); Where filename is a parameter I've got from a request. The second line is about an…
Anton Zvonovsky
-4 votes, 1 answer

Prevent users from downloading other files by changing the path in a URL query

I have a download function receiving the filename by $_GET and I want to prevent users from downloading other files by changing the path and accessing other files in the system. Method: function actionDownload($arquivo) { try { $filepath =…
André Walker