directory traversal attack
 

hi everyone,

can anyone tell me wht a webserver buffer directory traversal attack is and if possible some links , i found some links in packetstorm but i was looking for basic information on the attack.
Like how can it be detected from an ids point of view.

any suggetions are most welcome ,

ty.

http://www.linuxsecurity.com/content/view/105737/104/
the above link explains about a gentoo attack vuln in PhpMyAdmin...........

http://www.google.com/search?hl=en&q...=Google+Search

google turns up way more info.............

yeah i did my google before posting it buy i found most of the links to be either "it results in directory traversal attack" or the exploit details , but not wht the attack is. i mean (the working of the attack , i need only the theory) .

thanks.

Many applications create a direct mapping between user input, and files on the filesystem. This can happen explicitly, for example the way a webserver maps URLs to the filesystem, or it could be harder to spot: for example if issuing the “HELP FOO” command causes the underlying program to display the resource “help/foo.txt”.

The most common directory traversal attack comes from a user making a request for ‘../../foo’: using the ‘..’ construct to escape to the directory above that in which the files should be found. This is, however, not the only unsafe pattern: several exploits have used ‘.|.’ instead.

This is a very common vulnerability. It is most prevalent in P2P software, or in applications that “grow” some kind of fileserver bolted on the side: since fileserving isn’t the core area of expertise for the developer, the dangers are often overlooked. For example, when ICQ was first shipped with a personal webserver, it was vulnerable to the simplest of directory traversal attacks.

MORE SIMPLEST DEFINITION IS

A user supplies a specially crafted filename to a program (usually a server) that allows them to access files in areas of the filesystem that should be unavailable.

thank you very much..