Lesson Plan Title: How to Bypass a Path Based Access Control Scheme

Concept / Topic To Teach:
In a path based access control scheme, an attacker can traverse a path by providing relative path information. Therefore an attacker can use relative paths to access files that normally are not directly accessible by anyone, or would otherwise be denied if requested directly.

General Goal(s):
The user should be able to access a file that is not in the listed directory.

Figure 1 Lesson 8

 

Solution:

 

This lesson can be solved by intercepting the filename in WebScarab and replacing it with ../main.jsp which is a file located in a folder below the current directory.

 

Figure 2 Change the variable File

 

Figure 3 Lessen 8 Completed

 

 

Solution by Erwin Geirnaert ZION SECURITY