From XSS to a Directory Traversal

Hey Guys!! This is my first write-up for a bug bounty, so pardon me if I made any mistakes, and feel free to share your ideas below. The program was private so I cannot expose the name, but let's take the target as “www.target.com”. I started doing some recon, trying to get some XSS and checking things out as you usually do. For a whole 2 weeks I kept trying and trying but didn’t find a single thing. I was focused mostly on XSS on that target but ended up with nothing.

So I went offline for some days and then came back to the target. I was in Chrome DevTools, because most of the time I use Chrome DevTools to look at JavaScript files. Although it's on the low-tech side, I especially love the Network function in DevTools because you can view the files arranged by category type (JS, CSS, XHR, etc.), which makes the work easier. If you want to learn more about using Chrome DevTools and JavaScript, I recommend you watch TomNomNom & STOK's video below

So I was looking at a JavaScript file and I saw the path of that file, and it was a bit weird. The path looked like “https://target.com/contents/theme/_/script/.js file”

So I copied the file path and went to it, and as normal the JavaScript file loaded. Then I removed the .js file from the path and loaded it as “https://target.com/contents/theme/_/script/”, and it showed up blank with no errors such as Forbidden or 404. Then I removed the script keyword from the path, so the link was “https://target.com/contents/theme/_/”, and loaded it.. BOOM!!! It showed the directory with all the files and folders in the theme folder, and it had some juicy files in it such as database configs, backup files, etc.

The vulnerability was a Directory Traversal vulnerability. You can read more here: https://cwe.mitre.org/data/definitions/538.html & https://cwe.mitre.org/data/definitions/548.html
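For the defending side, here is an added example (not from the original write-up or the target's code) that audits a web root for the two conditions behind this finding: directories with no index file, which a server with directory indexing enabled will render as a listing, and sensitive files stored under the document root. The index file names, the filename patterns and the sample tree are assumptions constructed for illustration.

```python
import fnmatch
import os
import tempfile

# Assumed defaults, not taken from the original post: match them to your server.
INDEX_FILES = {"index.html", "index.htm", "index.php"}
SENSITIVE_PATTERNS = ["*.sql", "*.bak", "*.old", "*.zip", "*.tar.gz", ".env",
                      "*config*.php", "*.inc", "*~"]


def audit_webroot(root):
    """Return (listable_dirs, sensitive_files) as sorted web-relative paths.

    listable_dirs have no index file, so autoindex would list them (CWE-548);
    sensitive_files match SENSITIVE_PATTERNS inside the web root (CWE-538).
    """
    listable, sensitive = [], []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root).replace(os.sep, "/")
        web_dir = "/" if rel == "." else "/" + rel + "/"
        if not INDEX_FILES & {f.lower() for f in filenames}:
            listable.append(web_dir)
        for name in filenames:
            if any(fnmatch.fnmatchcase(name.lower(), p) for p in SENSITIVE_PATTERNS):
                sensitive.append(web_dir + name)
    return sorted(listable), sorted(sensitive)


def build_sample_webroot(root):
    """Constructed sample tree loosely mirroring the layout in the write-up."""
    files = {
        "index.html": "<h1>home</h1>",
        "contents/theme/_/script/app.js": "console.log('ok');",
        "contents/theme/_/db_config.php": "<?php // constructed placeholder",
        "contents/theme/_/site_backup.zip": "constructed placeholder",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_webroot(tmp)
        dirs, files = audit_webroot(tmp)
        print("No index file (listable if autoindex is on):", dirs)
        print("Sensitive files under the web root:", files)
```

Anything in the second list should be moved out of the document root; the first list only matters when the server has directory indexing turned on, and turning it off is the fix for the listing itself.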

What is a Directory Traversal Attack?

A directory traversal attack can be used to access restricted files or directories of a web server. There are many reasons that these vulnerabilities may be created such as the lack of URL and relative path checking, or insufficient handling of a request path or URL. The most common attack vector for directory traversals that we have seen is the use of the string ../. Using this string, attackers are able to access directories that they shouldn’t have access to. It is due to this, that the directory traversal attack may also be called a dot-dot-slash attack or directory climbing. (Credits to https://medium.com/@Vanessa.h)

In my scenario, the attack vector had “/_/” in it, where it was accessible.

Lessons to Learn

Never rely on a single attack vector such as XSS; you may find other vulnerabilities that are more critical than XSS. Also, relax and chill, and don’t get too stressed: take a drink or a coffee, meet friends, enjoy. Always try to think outside the box.

Thank You!!

Security Researcher | Web App & Network Penetration Tester

Supun Halangoda (Suppa)
