Path Traversal Exploitation Attempts

 1title: Path Traversal Exploitation Attempts
 2id: 7745c2ea-24a5-4290-b680-04359cb84b35
 3status: test
 4description: Detects path traversal exploitation attempts
 5references:
 6    - https://github.com/projectdiscovery/nuclei-templates
 7    - https://book.hacktricks.xyz/pentesting-web/file-inclusion
 8author: Subhash Popuri (@pbssubhash), Florian Roth (Nextron Systems), Thurein Oo, Nasreddine Bencherchali (Nextron Systems)
 9date: 2021/09/25
10modified: 2023/08/31
11tags:
12    - attack.initial_access
13    - attack.t1190
14logsource:
15    category: webserver
16detection:
17    selection:
18        cs-uri-query|contains:
19            - '../../../../../lib/password'
20            - '../../../../windows/'
21            - '../../../etc/'
22            - '..%252f..%252f..%252fetc%252f'
23            - '..%c0%af..%c0%af..%c0%afetc%c0%af'
24            - '%252e%252e%252fetc%252f'
25    condition: selection
26falsepositives:
27    - Expected to be continuously seen on systems exposed to the Internet
28    - Internal vulnerability scanners
29level: medium

References

• GitHub - projectdiscovery/nuclei-templates: Community curated list of templates for the nuclei engine to find security vulnerabilities.

  

  Community curated list of templates for the nuclei engine to find security vulnerabilities. - projectdiscovery/nuclei-templates

  
  Read More

• File Inclusion/Path traversal | HackTricks | HackTricks

  

  Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)! Join HackenProof Discord server to communicate with experienced hackers and bug bounty hunters! Hacking Insights En...

  
  Read More

Related rules

• ADSelfService Exploitation
• Apache Threading Error
• JNDIExploit Pattern
• Spring Framework Exceptions
• CVE-2010-5278 Exploitation Attempt