Path traversal vulnerability
The concept of path traversal is new to me; I need some guidance, please.
In my project I have the following lines of code:
uploadimg.SaveAs(Server.MapPath("tempfiles/" + fUIName));
FileUpload1.SaveAs(Server.MapPath("tempfiles/" + fSIName));
Is this code vulnerable to a path traversal vulnerability?
Can anyone help me understand the concept of path traversal and how to remove/avoid it?
Thanks!
Edit 1:
It should also be mentioned that I am storing the files in the tempfiles folder temporarily. After the purpose of saving the file is fulfilled, I delete the files from tempfiles. So can I skip this vulnerability?
Please guide.
Thanks!
Path traversal means that someone uploads a file to your site and can access it directly from the URL (if he knows the path, or can find it from some other page).
E.g., let's say that you upload a pdf file named file.pdf at tempfiles/. Then you probably show it on some page as
http://example.com/tempfiles/file.pdf
Now the attacker knows where the file is uploaded, and then uploads to you some other file, maybe an html with fraud, maybe some server browser in an aspx page etc... and calls it directly from the url.
Solutions
You can upload all the files to a secure folder like App_Data that you cannot access directly. You can upload it to a folder where you change the permissions, and again you cannot access it directly. (See here how you can do that: How to set correct file permissions for ASP.NET on IIS)
You can limit the extensions for what you upload and allow only images, for example, and put that on that directory to avoid anyone running anything there.
Now, if you upload a pdf to a directory that the user cannot access directly from the url, you need to create a handler that returns the uploaded files. The handler must know if the user is allowed to view the file, if the file is safe, if the file comes directly from the site.
Some simple examples:
file download by calling .ashx page and Alternate image display in asp.net
And one last solution is to check the referrer and make sure that it is coming from your site and is not a direct call from the url, using
HttpContext.Current.Request.UrlReferrer.Host
Meaning that the user is uploading an image, but is allowed to view it only if the request comes from a page of your site using some link.
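A hardened version of the question's SaveAs call that also applies the answer's App_Data and image-only advice. This is an added example, not code from the question or the answer; the SafeUpload class, the ~/App_Data/tempfiles folder and the extension allow-list are assumptions. The security point is that the client-supplied file name is the only part of the path the uploader controls, so it is reduced to a validated extension and the resolved path is checked against the intended folder before anything is written.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Web;
using System.Web.UI.WebControls;

// Added example (not from the question or the answer). Assumes a FileUpload
// control and that only image uploads are wanted; folder and allow-list are
// assumptions.
public static class SafeUpload
{
    private static readonly string[] AllowedExtensions = { ".jpg", ".jpeg", ".png", ".gif" };

    // Returns the full path the file was written to, or throws if the request
    // tried to escape the upload folder or used a disallowed file type.
    public static string SaveToTempFiles(FileUpload upload, HttpServerUtility server)
    {
        if (upload == null || !upload.HasFile)
            throw new InvalidOperationException("No file was uploaded.");

        // Resolve the base directory once. App_Data is not served directly by
        // IIS, and Path.GetFullPath canonicalises it so the prefix check below
        // compares like with like.
        string baseDir = Path.GetFullPath(server.MapPath("~/App_Data/tempfiles"))
            .TrimEnd(Path.DirectorySeparatorChar) + Path.DirectorySeparatorChar;
        Directory.CreateDirectory(baseDir);

        // Never trust the client-supplied name: Path.GetFileName strips any
        // directory part ("../", "..\", drive letters), and only the extension
        // is kept, checked against the allow-list.
        string clientName = Path.GetFileName(upload.FileName ?? string.Empty);
        string ext = Path.GetExtension(clientName).ToLowerInvariant();
        if (!AllowedExtensions.Contains(ext))
            throw new InvalidOperationException("File type not allowed.");

        // Server-chosen name: the uploader no longer controls any part of the
        // path except the validated extension.
        string safeName = Guid.NewGuid().ToString("N") + ext;
        string fullPath = Path.GetFullPath(Path.Combine(baseDir, safeName));

        // Defence in depth: even if the naming logic changes later, refuse to
        // write anywhere outside the intended folder.
        if (!fullPath.StartsWith(baseDir, StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("Resolved path escapes upload folder.");

        upload.SaveAs(fullPath);
        return fullPath;
    }
}
```

Because the file now lives under App_Data, it must be served back through a handler (as the answer describes) rather than by a direct tempfiles/ URL; deleting the file afterwards does not remove the need for these checks, since the write itself is what a traversal attempt abuses.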