Directory traversal, or path traversal, is an HTTP attack that lets attackers access restricted directories by using ../ sequences to backtrack to files or directories outside the web root directory. If a web app is vulnerable to this, an attacker may be able to access restricted files containing information about all registered users on the system, their permissions, and encrypted passwords.
Depending on the permissions of the user the web application runs as (read and write, for example), an attacker may be able to use path traversal not only to read sensitive files but also to replace system files with their own.
As an example, we can check whether a web app that lets users download files is vulnerable to path traversal with dot-dot-slash (../), which is the GNU/Linux and Unix way to move from the current directory back to the parent directory. We navigate away from the app's root directory, usually named /app, back to directories closer to the system files, such as /etc/passwd.
Suppose you are browsing a web application and the URL reads: http://shopping-site.com/get-files.php?file=clothing
You can test for a path traversal vulnerability by using ../ to try to reach a system-critical directory:
http://shopping-site.com/get-files?file=../../../../etc/passwd
While the attack seems simple, it still affects apps and devices to this day. Recently, the security research team at ForeScout, a cybersecurity company, examined devices used in BAS networks, which are used to control energy-intensive equipment such as HVAC and building lighting controls. A path traversal vulnerability was one of the many vulnerabilities they found in the devices.
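The download handler described above comes down to how the `file` parameter is turned into a filesystem path. The following is an added example, not code from the original article or from Gruyere: it puts the vulnerable join beside a containment check that canonicalizes the path before comparing it to the web root. The function names and the sample directory layout are assumptions made for illustration.

```python
import os
import tempfile

def naive_resolve(base_dir, requested):
    """Vulnerable pattern: user input is joined onto the base directory unchecked."""
    return os.path.normpath(os.path.join(base_dir, requested))

def safe_resolve(base_dir, requested):
    """Return the canonical path of `requested` under base_dir, or None if it escapes."""
    base = os.path.realpath(base_dir)
    # realpath collapses ../ sequences and resolves symlinks before the comparison.
    # An absolute `requested` makes join() discard base; the check below rejects that too.
    target = os.path.realpath(os.path.join(base, requested))
    try:
        # commonpath compares whole components, so /x/app-backup is not "inside" /x/app
        inside = os.path.commonpath([base, target]) == base
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    return target if inside else None

def run_samples():
    """Resolve constructed `file` parameter values against a throwaway app root."""
    root = tempfile.mkdtemp()
    app = os.path.join(root, "app")
    os.makedirs(app)
    samples = [
        "clothing",                # the legitimate request from the article
        "../../../../etc/passwd",  # the traversal request from the article
        "/etc/passwd",             # absolute path instead of ../ (constructed)
        "../app-backup/users.db",  # sibling sharing the "app" prefix (constructed)
    ]
    results = {}
    for value in samples:
        resolved = safe_resolve(app, value)
        results[value] = "served" if resolved else "rejected"
    return app, results

if __name__ == "__main__":
    app_dir, outcome = run_samples()
    print("naive :", naive_resolve(app_dir, "../../../../etc/passwd"))
    for value, verdict in outcome.items():
        print(f"{verdict:8} {value}")
```

The sibling-directory sample is why the check uses `os.path.commonpath` rather than a string prefix test, which would accept `/x/app-backup` as being inside `/x/app`.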
In this guide, we leverage a directory traversal vulnerability in the Google Gruyere vulnerable web app into code execution. The tool we use is Burp Suite Community Edition. Burp is an intercepting proxy that acts as a man-in-the-middle by capturing each request to and from the target web app so that the pentester can edit, read, and replay individual HTTP requests to search for vulnerabilities and injection points.
Step 1: Visit Google Gruyere in Your Browser
Before we start configuring the proxy settings, setting up Burp Suite, and starting up Gruyere, first open your browser to Gruyere's homepage. Do not click on anything yet; we will agree and start in a later step.
Step 2: Configure Your Browser for Burp Suite
If you do not have Burp Suite on your computer, you can download and install it on macOS, Linux, and Windows. On Kali Linux, the community version is already installed. Next, you need to download Burp's CA certificate and then configure your browser to route traffic to Burp's proxy. PortSwigger, the company behind Burp Suite, has an excellent guide to setting up the CA certificate that you can follow.
To configure your browser to route traffic so that Burp can intercept HTTP and HTTPS requests from a web app, you need to set up a manual proxy configuration in your browser. The settings can usually be found under "Proxy" or "Network Proxy." Set the HTTP proxy to 127.0.0.1 on port 8080, which is the default Burp uses when it is started.
Step 3: Enable Burp to Capture Web Requests
Leave your browser open on the web app you are testing (in this case, the Google Gruyere homepage) and launch Burp Suite. Create a temporary project (this will always be the case because all other options are reserved for Burp Suite Pro), and then select "Use Burp Defaults," which runs Burp with the default proxy settings of 127.0.0.1:8080.