mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-18 17:16:10 +00:00
3.7 KiB
3.7 KiB
Client Side Path Traversal
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.
Basic Information
A client side path traversal occurs when you can manipulate the path of a URL that is going to be sent to a user to visit in a legit way or that a user is somehow going to be forced to visit for example via JS or CSS.
- In this writeup, it was possible to change the invite URL so it would end up canceling a card.
- In this writeup, it was possible to combine a client side path traversal via CSS (it was possible to change the path where a CSS resource was loaded from) with an open redirect to load the CSS resource from an attacker controlled domain.
- In this writeup, it's possible to see a tachnique on how to abuse CSPT to perform a CSRF attack. This is done by monitoring all the data that an attacker can control (URL path, parameters, fragment, adata injected in the DB...) and the sinks this data ends (requests being performed).
- Check this browser extension to monitor that.
- Check this CSPT playground to try the technique.
- Check this tutorial on how to use the browser extension in the playground.
{% hint style="success" %}
Learn & practice AWS Hacking:HackTricks Training AWS Red Team Expert (ARTE)
Learn & practice GCP Hacking: HackTricks Training GCP Red Team Expert (GRTE)
Support HackTricks
- Check the subscription plans!
- Join the 💬 Discord group or the telegram group or follow us on Twitter 🐦 @hacktricks_live.
- Share hacking tricks by submitting PRs to the HackTricks and HackTricks Cloud github repos.