
Hunter Discovering Path Traversal Vulnerability in 5 Minutes

Path Traversal Vulnerability in 5 Minutes worth $4000

Understanding Directory Traversal, What is it?

Directory traversal is a vulnerability that allows an attacker to access files and directories outside the web root directory. In the context of cybersecurity, this vulnerability can lead to unauthorized access to sensitive system files, potentially compromising the security of a system.

In the case described below, Peternak Kudanil, a bug hunter, discovered directory traversal on a subdomain of a company listed on Bugcrowd.com. During routine testing, Peternak used tools to identify vulnerabilities and inadvertently found that by manipulating the URL path, he could access sensitive files such as /etc/passwd, /etc/group, and /etc/hosts. These files typically contain critical system information and are not intended to be accessible via a web interface.

 

Introduction of the Story

About a year ago, a bug hunter named Peternak Kudanil made a remarkable discovery that earned him $4000 in just five minutes. This unexpected find was a path traversal vulnerability on a subdomain of a company listed on Bugcrowd.com. The discovery came about during a routine exploration, sparked by a method described on https://security.snyk.io/vuln/SNYK-JAVA-IOVERTX-72442

 

Initial Exploration

Peternak began by searching for subdomains using popular enumeration tools like Aquatone and Sublist3r. Using Aquatone, he executed the command `aquatone-discover --domain domain.com`, and with Sublist3r, he ran `./Sublist3r.py -d domain.com`. These tools are effective in identifying and mapping out various subdomains associated with a primary domain.

 

Finding the Vulnerability: Path Traversal Vulnerability

During this process, Peternak found a subdomain named myaccount.redacted.com. Intrigued, he decided to test it with a path traversal payload. He accessed the URL `https://myaccount.redacted.com//etc/passwd`. To his surprise, the contents of the `/etc/passwd` file appeared on his screen, confirming the presence of a path traversal vulnerability.

 

Confirming the Issue

Not entirely convinced, Peternak decided to probe further. He entered another payload, `https://myaccount.redacted.com//etc/group`, and once again, sensitive information was displayed. He repeated this with yet another payload, `https://myaccount.redacted.com//etc/hosts`, and the result was the same: unauthorized access to crucial system files.

 

Reporting the Bug

Each payload revealed sensitive files that should not have been accessible. The initial success with the `/etc/passwd` file might have seemed like a fluke, but consistent results with `/etc/group` and `/etc/hosts` solidified the reality of the vulnerability. Peternak quickly realized the potential impact and severity of this security flaw.

Without wasting any time, he reported the vulnerability to the company’s bug bounty program through Bugcrowd.com. Just a few hours after his submission on September 3, 2018, at 9:21 PM PDT, the company responded, acknowledging the issue and triaging it. By early the next morning, they had confirmed the vulnerability, changing its severity to Critical (P1) at 7:32 AM PDT. Merely a minute later, at 7:33 AM PDT, Peternak was rewarded $4000 for his discovery.

 

Conclusion of Path Traversal Vulnerability

This quick resolution underscored the importance of proactive security measures and timely reporting. For his efforts, Peternak received a $4000 reward. This experience highlighted the critical role of continuous learning and vigilance in the cybersecurity field. It also showcased how seemingly routine explorations could lead to significant discoveries, emphasizing the unpredictable and rewarding nature of bug hunting.

Peternak’s journey from initial discovery to a successful bug report serves as an inspiration for other cybersecurity enthusiasts. It reminds us that the key to finding vulnerabilities often lies in curiosity, persistence, and the willingness to experiment with new techniques.

Peternak’s dedication and quick action not only earned him a substantial reward but also helped secure a vulnerable system, making the digital world a little safer.

 

How to Prevent Directory Traversal Vulnerabilities

Directory traversal vulnerabilities can pose significant risks to web applications by allowing attackers to access sensitive files and directories outside of the intended directory structure. To mitigate these risks, consider the following preventive measures:

  • Input Validation and Sanitization: Implement strict input validation and sanitization techniques to ensure that user-supplied input, such as file paths or URLs, does not contain sequences that can navigate outside the intended directory structure.
  • Use of Whitelisting: Use whitelisting techniques to define acceptable inputs and reject any input that deviates from the expected format or structure.
  • Path Normalization: Normalize file paths to their canonical or absolute forms before processing. This process helps remove any redundant or ambiguous path components that attackers could exploit.
  • Access Controls: Implement robust access controls to restrict access to sensitive files and directories based on user roles and privileges. Ensure that only authorized users and applications have access to critical system files.
  • File System Permissions: Set appropriate file system permissions to restrict access to directories and files based on the principle of least privilege. Limit read, write, and execute permissions to only those users and processes that require them.
  • Security Testing: Regularly conduct security testing, including vulnerability scanning and penetration testing, to identify and remediate potential directory traversal vulnerabilities before attackers can exploit them.

By adopting these preventive measures, organizations can significantly reduce the risk of directory traversal vulnerabilities and enhance the overall security posture of their web applications.
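The input validation and path normalization measures above, shown as an added example that is not code from the affected application or the original write-up. It contrasts a naive join, which a request path like `//etc/passwd` escapes, with a resolver that canonicalizes and then enforces containment. The names `naive_resolve`, `safe_resolve`, `is_inside` and the temporary `www` web root are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import unquote

def is_inside(root, path):
    """True if canonical `path` is `root` itself or lies beneath it."""
    return os.path.commonpath([root, path]) == root

def naive_resolve(web_root, url_path):
    # Vulnerable pattern: drop one leading "/" and join. For "//etc/passwd"
    # the remainder is absolute, so os.path.join() discards web_root entirely.
    return os.path.join(web_root, url_path[1:])

def safe_resolve(web_root, url_path):
    """Map a raw request path to a file under web_root, or None to reject."""
    root = os.path.realpath(web_root)
    decoded = unquote(url_path)           # validate the form that will be used
    if "\x00" in decoded:
        return None
    relative = decoded.lstrip("/\\")      # request paths are never absolute
    # Canonicalize (collapses "..", resolves symlinks), then enforce containment.
    candidate = os.path.realpath(os.path.join(root, relative))
    return candidate if is_inside(root, candidate) else None

def demo():
    """Constructed requests -> (naive path escapes root?, safe result)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(os.path.join(tmp, "www"))
        os.makedirs(os.path.join(root, "static"))
        open(os.path.join(root, "static", "app.css"), "w").close()
        results = {}
        for req in ("/static/app.css", "//etc/passwd", "//etc/group",
                    "//etc/hosts", "/static/../../../etc/hosts"):
            naive = os.path.realpath(naive_resolve(root, req))
            safe = safe_resolve(root, req)
            results[req] = (not is_inside(root, naive),
                            os.path.relpath(safe, root) if safe else None)
        return results

if __name__ == "__main__":
    for req, (escaped, safe) in demo().items():
        print(f"{req:28} naive escapes root: {escaped!s:5} safe: {safe}")
```

With the safe resolver, `//etc/passwd` maps to `etc/passwd` under the web root (a file that does not exist there, so the server would answer 404), while `..` sequences and symlinks that leave the root are rejected.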

 

Link to read full write up: https://noobsec.org/project/2019-12-16-How-We-Get-4000$-in-5-Minutes/


Christin