Lesson Plan Title: How to Bypass a Path Based Access Control Scheme
Concept / Topic To Teach:
In a path based access control scheme, an attacker can traverse a path by providing relative path information. Therefore an attacker can use relative paths to access files that normally are not directly accessible by anyone, or would otherwise be denied if requested directly.
The user should be able to access a file that is not in the listed directory.
Figure 1 Lesson 8
This lesson can be solved by intercepting the filename in WebScarab and replacing it with ../main.jsp which is a file located in a folder below the current directory.
Figure 2 Change the variable File
Figure 3 Lessen 8 Completed
|Solution by Erwin Geirnaert|