Path Traversal Exploitation Attempts

 1title: Path Traversal Exploitation Attempts
 2id: 7745c2ea-24a5-4290-b680-04359cb84b35
 3status: test
 4description: Detects path traversal exploitation attempts
 5references:
 6    - https://github.com/projectdiscovery/nuclei-templates
 7    - https://book.hacktricks.xyz/pentesting-web/file-inclusion
 8author: Subhash Popuri (@pbssubhash), Florian Roth (Nextron Systems), Thurein Oo, Nasreddine Bencherchali (Nextron Systems)
 9date: 2021-09-25
10modified: 2023-08-31
11tags:
12    - attack.initial-access
13    - attack.t1190
14logsource:
15    category: webserver
16detection:
17    selection:
18        cs-uri-query|contains:
19            - '../../../../../lib/password'
20            - '../../../../windows/'
21            - '../../../etc/'
22            - '..%252f..%252f..%252fetc%252f'
23            - '..%c0%af..%c0%af..%c0%afetc%c0%af'
24            - '%252e%252e%252fetc%252f'
25    condition: selection
26falsepositives:
27    - Expected to be continuously seen on systems exposed to the Internet
28    - Internal vulnerability scanners
29level: medium

References

• GitHub - projectdiscovery/nuclei-templates: Community curated list of templates for the nuclei engine to find security vulnerabilities.

  

  Community curated list of templates for the nuclei engine to find security vulnerabilities. - projectdiscovery/nuclei-templates

  
  Read More

• File Inclusion/Path traversal | HackTricks

  

  Join HackenProof Discord server to communicate with experienced hackers and bug bounty hunters! Hacking Insights Engage with content that delves into the thrill and challenges of hacking Real-Time ...

  
  Read More

Related rules

• ADSelfService Exploitation
• Apache Spark Shell Command Injection - ProcessCreation
• Apache Spark Shell Command Injection - Weblogs
• Apache Threading Error
• Arcadyan Router Exploitations