I remember reading a while ago how it's possible for someone to access your computer's filesystem from the website. I want to know how to do it, so I can test and prevent it from happening.
Running Apache 2.4 on Windows via XAMPP
My virtualhost is set up like so:
<VirtualHost *:80>
    ServerName local.scrap
    DocumentRoot "D:/Dropbox/www/scrap/public_html/"
    <Directory "D:/Dropbox/www/scrap/">
        Order allow,deny
        Allow from all
        Require all granted
    </Directory>
    ErrorLog "D:/Dropbox/www/scrap/logs/error.log"
</VirtualHost>
There is an index2.html in scrap/ and index.html in scrap/public_html/
hosts is set up to be 127.0.0.1 local.scrap
If I type the URL http://local.scrap/ I get index.html.
If I type the URL http://local.scrap/../index2.html it gets redirected to http://local.scrap/index2.html
Why is the ../ URL getting redirected to the DocumentRoot path?
Oftentimes a non-malicious user-agent will resolve ../ in the URL before it ever contacts the server. But even without that, webservers are designed to not allow that kind of directory traversal outside of context roots.
You'd need to test with telnet/netcat/s_client to be sure.
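
The two points in the answer above, as an added example that is not part of the original post: `remove_dot_segments` follows RFC 3986 section 5.2.4 to show what a browser does to `/../index2.html` before sending it, and `status_line` is a raw-socket stand-in for the telnet/netcat test that sends the path to your own server unmodified. The function names are illustrative; `local.scrap` and the path come from the question.

```python
import socket

def remove_dot_segments(path: str) -> str:
    """RFC 3986 5.2.4: the normalization a user-agent applies client-side."""
    out, inp = [], path
    while inp:
        if inp.startswith("../"):
            inp = inp[3:]
        elif inp.startswith("./") or inp.startswith("/./"):
            inp = inp[2:]
        elif inp == "/.":
            inp = "/"
        elif inp.startswith("/../") or inp == "/..":
            # Step up one level; at the root there is nothing left to pop.
            inp = "/" + inp[4:]
            if out:
                out.pop()
        elif inp in (".", ".."):
            inp = ""
        else:
            # Move the first segment (with its leading "/") to the output.
            end = inp.find("/", 1)
            end = len(inp) if end == -1 else end
            out.append(inp[:end])
            inp = inp[end:]
    return "".join(out)

def build_raw_request(host: str, path: str) -> bytes:
    """Request bytes with the path exactly as given, no normalization."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            "Connection: close\r\n\r\n").encode("ascii")

def status_line(host: str, path: str, port: int = 80, timeout: float = 5.0) -> str:
    """Send the raw request to your own test server; return its status line."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_raw_request(host, path))
        data = b""
        while b"\r\n" not in data:
            chunk = s.recv(4096)
            if not chunk:
                break
            data += chunk
    return data.split(b"\r\n", 1)[0].decode("latin-1")

if __name__ == "__main__":
    path = "/../index2.html"
    print("browser would send:", remove_dot_segments(path))
    print("server answers raw path with:", status_line("local.scrap", path))
```

A 400 or 404 status line for the raw path means the server itself refused to step above the DocumentRoot, independent of any client-side normalization.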