PHP Security: Directory Traversal and Code Injection


Most web vulnerabilities are a result of bad coding habits or a lack of PHP security awareness among developers. The source of probably all of them is that user input, which plays a critical role in the security of a web application, is being trusted. This is probably the single point of failure behind the many different attacks we have seen over the years.

In this post, we will be taking a look at PHP security problems associated with Directory Traversal and Code Injection, as well as giving examples of insecure PHP code.

Directory Traversal

Directory Traversal refers to the attack in which an authenticated or unauthenticated user can request and view or execute files which reside outside the root directory of a web application, or outside a directory to which they should be restricted.

On a system vulnerable to directory traversal, an attacker can step out of the root directory and access other parts of the file system. This might give the attacker the ability to view restricted files or, even worse, execute commands on the server, which can lead to a full compromise of the system. It is not uncommon to chain multiple vulnerabilities, such as directory traversal and code execution, in an attempt to escalate privileges.
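The following added example (not code from the original article) contrasts a file reader that trusts user input with one that resolves the path and checks that it stays inside the permitted directory. The function names, file names and temporary directory layout are hypothetical, and PHP 8 is assumed.

```php
<?php
// Added example: all names and the directory layout are constructed for illustration.
declare(strict_types=1);

// INSECURE: the user-supplied name is concatenated into the path unchecked,
// so "../" sequences resolve to files outside $baseDir.
function readFileInsecure(string $baseDir, string $name): string|false
{
    return @file_get_contents($baseDir . '/' . $name);
}

// HARDENED: canonicalize the path, then require it to remain under $baseDir.
function readFileSafe(string $baseDir, string $name): ?string
{
    $base = realpath($baseDir);
    if ($base === false || str_contains($name, "\0")) {
        return null;
    }
    // realpath() collapses ".." and symlinks and returns false for missing files.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // The trailing separator stops "/srv/public-old" from matching "/srv/public".
    if (!str_starts_with($target, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    $data = file_get_contents($target);
    return $data === false ? null : $data;
}

// Constructed sample layout in a temp directory so the demo runs offline.
$root = sys_get_temp_dir() . '/traversal_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/public', 0700, true);
file_put_contents($root . '/public/readme.txt', "public content\n");
file_put_contents($root . '/secret.txt', "restricted content\n");

foreach (['readme.txt', '../secret.txt', 'missing.txt'] as $name) {
    $insecure = readFileInsecure($root . '/public', $name);
    $safe = readFileSafe($root . '/public', $name);
    printf("%-15s insecure=%-24s safe=%s\n", $name, json_encode($insecure), json_encode($safe));
}

// Clean up the constructed files.
unlink($root . '/public/readme.txt');
unlink($root . '/secret.txt');
rmdir($root . '/public');
rmdir($root);
```

For the `../secret.txt` request, the insecure reader returns the restricted file while the hardened reader returns `null`, because the resolved path no longer starts with the base directory.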

Code Injection

In this vulnerability, an attacker maliciously takes advantage of a script which contains functions that allow system/shell commands to be executed. If user input is passed unrestricted to these functions, it is possible to inject code which will then be executed by the system. This essentially gives an attacker a low-privileged shell, which opens the door to many otherwise restricted actions, such as accessing private documents which may contain sensitive data. It can also be used to view the source code of the application, which could expose passwords or other sensitive information and reveal other vulnerabilities. As if things couldn't get any worse, under certain circumstances it might be possible for an attacker to perform privilege escalation and eventually gain root access, compromising the machine.

We have established that both attacks can be very dangerous. By following some simple steps, however, the risk of being exposed to either can be greatly reduced.


Published at DZone with permission of
