Testing for Directory Traversal File Vulnerabilities

[ImanSharaf]

There could be a case that you can add to this document. There was a situation that my target was not vulnerable against Directory Traversal Attack in a normal way, but it was allowing me to upload a compressed folder, I was able to upload a PHP shell file in a folder that had the permission to execute the file by doing this:
1- Create a zip file with a Python code and for the name of the target file to be compressed use something like this ../../../../../../../../var/www/target/root/shell.php [we cannot do it using normal applications that can ZIP files]
I believe this trick should be mentioned in WSTG somewhere.

[ThunderSon]

Thank you for bringing this over to our attention. That attack does exist already in 4.10.9

@kingthorin this issue might be bringing over duplication, let's maybe review that?
Maybe expand a bit on it as well on how it can be tested.

There's 4.5.1, 4.7.11.1, 4.10.9 that have some similarities.

@ImanSharaf let me know if 4.10.9 is the right answer for this! :)
If yes, maybe we can try expanding on it to create a proper test scenario.

[doverh]

@ThunderSon @kingthorin I have a branch with a version that includes tests for Testing for Directory Traversal File under section 4.10.9

[ThunderSon]

@doverh can you please open a PR for us so we can give it a look?

[doverh]

hey @ThunderSon Do you need to assign this issue to me so I can create a branch and PR?

[kingthorin]

Just go ahead.