When an attacker “enumerates” services and directories on a web server, they are scanning it to see whether certain well-known directories are present. When they “traverse” the directory structure, they are actively exploring it. A directory traversal, or path traversal, attack allows an attacker to access files and directories on a web server that they should not be able to reach.
This vulnerability occurs when a web application does not properly sanitise user input, allowing an attacker to manipulate the file path and navigate to directories and files outside of the web application's intended directory.
Once an attacker gains access to sensitive files or directories, they can potentially steal sensitive information, compromise the web server, or perform other malicious actions. Fortunately, there are simple steps you can take to secure your website.
Checklist
Here is what you can do to check for vulnerable information on your website directory, and how you can protect this data by revising your server configuration.
Step 1: Scan for common directories
Start by scanning your web server for common directories that could be vulnerable to a directory traversal attack.
You can do this by sending a request for each directory and checking the web server's response code to see whether it is a valid directory (for example, a 200 rather than a 404). Such a scan can expose sensitive server information, such as administration, development, password, or site configuration files.
Step 2: Inspect directories
Of the directories you find in your search, are there any that should be private?
If they contain sensitive information, or reveal things an attacker could use against you (such as the location of config files), hide the folders.
Manually inspect the directories you have identified to ensure they comply with your company's security standards. Check for sensitive information, and make sure that you both hide any of these directories and password protect them.
This includes, for example, information on administration, robots.txt, development, passwords, or site configuration. Note that having this information is not in itself a bug; it is often necessary. You should, however, check the content to assess whether these accessible files should appear in a public scan.
Step 3: Revise your server configuration
To protect your website from directory traversal attacks, you will need to revise your server configuration.
Move to an index.html-style setup in which requests do not refer to pages by their full file name; instead, the application looks the requested page up in a fixed list and serves the matching file.
You can password protect or hide certain directories depending on your backend environment. Content management systems and hosting environments have their own methods, such as a GUI admin panel like cPanel. Alternatively, you can protect folders directly on the server itself using .htaccess files (on Apache).
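The following is an added example, not code from the original article: it shows the unsanitised file-path join described at the start of the page, then two hardened forms of the same handler, the canonical-path check and the "look them up" approach from Step 3. The document root, page and config file are constructed in a temporary directory purely for the demonstration.

```python
import tempfile
from pathlib import Path
from typing import Optional

# Constructed sandbox (not a real site): a document root with one public page,
# and a config file one level above it that must never be served.
ROOT = Path(tempfile.mkdtemp())
DOCROOT = ROOT / "htdocs"
DOCROOT.mkdir()
(DOCROOT / "about.html").write_text("<h1>About</h1>")
(ROOT / "config.ini").write_text("db_password=constructed-sample")

def serve_vulnerable(page: str) -> str:
    """'Before' version: the request parameter is joined straight onto the
    document root with no sanitising, so '../config.ini' walks out of it."""
    return (DOCROOT / page).read_text()

def serve_canonical(page: str) -> Optional[str]:
    """Hardened form 1: canonicalise the final path (collapsing '..' and
    symlinks) and refuse anything that does not land inside DOCROOT.
    Apply this to the URL-decoded value, i.e. after %2e%2e has been unescaped."""
    base = DOCROOT.resolve()
    target = (DOCROOT / page).resolve()
    if base not in target.parents or not target.is_file():
        return None
    return target.read_text()

# Hardened form 2, the "look them up" approach from Step 3: the request carries
# an identifier, never a file name, and only allow-listed pages can be served.
PAGES = {"about": "about.html"}

def serve_lookup(name: str) -> Optional[str]:
    filename = PAGES.get(name)
    if filename is None:
        return None
    return (DOCROOT / filename).read_text()

if __name__ == "__main__":
    print("vulnerable:", serve_vulnerable("../config.ini"))  # leaks the config
    print("canonical :", serve_canonical("../config.ini"))   # None
    print("lookup    :", serve_lookup("../config.ini"))      # None
```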
You can learn more about directory traversal, and how to test for it, in the OWASP testing guide.
Conclusion
Directory traversal may seem like a complicated security vulnerability, but it's easy to detect and remediate with these three simple steps. Regularly scan and inspect your web server's directories, and revise your server configuration to protect your website and users from potential security threats.