{"id":476846,"date":"2023-08-09T09:04:34","date_gmt":"2023-08-09T09:04:34","guid":{"rendered":""},"modified":"2023-09-05T11:13:34","modified_gmt":"2023-09-05T11:13:34","slug":"directory-traversal-attack","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/jp\/wiki\/directory-traversal-attack\/","title":{"rendered":"Directory Traversal Attack"},"content":{"rendered":"<p>A directory traversal attack (also called a path traversal attack) is a significant risk in the field of web security. It primarily exploits security vulnerabilities in the functionality a web application uses to access files on the server. Such attacks allow a malicious user to manipulate variables that reference files with \"dot-dot-slash (..\/)\" sequences in order to access files and directories stored outside the web root folder.<\/p>\n<h2>The Evolution of Directory Traversal Attacks<\/h2>\n<p>Directory traversal attacks date back to the early days of the internet, 
when web applications began using scripts to access server-side files. As technology advanced and web applications grew more complex, the potential for this class of vulnerability increased as well.<\/p>\n<p>The first public mention of directory traversal attacks is somewhat hard to pinpoint because of the fundamental nature of the vulnerability. The security concern became far more prominent, however, in the late 1990s and early 2000s, as web applications became commonplace and the opportunities to exploit insecure file references multiplied.<\/p>\n<h2>Directory Traversal Attacks in More Detail<\/h2>\n<p>A directory traversal attack is a type of HTTP exploit in which an attacker gains access to server directories that are not normally exposed. 
The attacker exploits insufficient security validation or sanitization of user-supplied input file names to break out of the restricted environment.<\/p>\n<p>Directory traversal sequences are most commonly used in URL-based attacks, but they can also appear in header injection, cookie manipulation, and POST parameters. This allows an attacker to view restricted directories, execute commands outside the web server's root directory, and gain unauthorized access to sensitive information.<\/p>\n<h2>How Directory Traversal Attacks Work<\/h2>\n<p>Directory traversal attacks are carried out by exploiting insufficient security validation or sanitization of user-supplied input file names, 
which lets the attacker manipulate those names to move outside the restricted location.<\/p>\n<p>In a highly simplified form, consider a scenario in which an application is accessing an image file on the server.<\/p>\n<pre><code data-no-translation=\"\">http:\/\/example.com\/app?file=logo.jpg\n<\/code><\/pre>\n<p>In this case, the application opens the file <code data-no-translation=\"\">logo.jpg<\/code> from the images directory. An attacker, however, could use the \"dot-dot-slash (..\/)\" sequence to move to a parent directory and access files that are not permitted. For example:<\/p>\n<pre><code data-no-translation=\"\">http:\/\/example.com\/app?file=..\/..\/etc\/passwd\n<\/code><\/pre>\n<p>This could cause the application to display a sensitive system file.<\/p>\n<h2>Key Features of Directory Traversal Attacks<\/h2>\n<ol>\n<li>\n<p><strong>Variable manipulation:<\/strong> The defining characteristic of a directory traversal attack is the manipulation of variables that reference files, using \"dot-dot-slash (..\/)\" sequences.<\/p>\n<\/li>\n<li>\n<p><strong>Breaking out of restrictions:<\/strong> This lets an attacker escape the application's root directory and access other parts of the file system.<\/p>\n<\/li>\n<li>\n<p><strong>Exploitation of weak validation:<\/strong> Directory traversal attacks exploit weak validation or sanitization of user input.<\/p>\n<\/li>\n<\/ol>\n<h2>Types of Directory Traversal Attacks<\/h2>\n<p>Although the underlying principle of a directory traversal attack is always the same, it can take different forms depending on the context and the application in question.<\/p>\n<ol>\n<li>\n<p><strong>URL-based attacks:<\/strong> These involve inserting malicious input into the URL to traverse directories.<\/p>\n<\/li>\n<li>\n<p><strong>Form-based attacks:<\/strong> Malicious input is inserted into form fields to exploit vulnerable server-side scripts.<\/p>\n<\/li>\n<li>\n<p><strong>Cookie-based attacks:<\/strong> The attacker manipulates cookies to traverse directories and access unauthorized data.<\/p>\n<\/li>\n<\/ol>\n<table>\n<thead>\n<tr>\n<th>Type<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>URL-based attack<\/td>\n<td>Inserts malicious input into the URL to traverse directories.<\/td>\n<\/tr>\n<tr>\n<td>Form-based attack<\/td>\n<td>Inserts malicious input into form fields to exploit server-side scripts.<\/td>\n<\/tr>\n<tr>\n<td>Cookie-based attack<\/td>\n<td>Manipulates cookies to traverse directories and access unauthorized data.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Problems Related to Directory Traversal Attacks and Their Solutions<\/h2>\n<p>The main problem with directory traversal attacks is unauthorized access to sensitive files and data. This can lead to data leakage, loss of confidentiality, and even hand the attacker further attack vectors (such as obtaining database credentials from a configuration file).<\/p>\n<p>Some solutions include:<\/p>\n<ol>\n<li>\n<p><strong>Input validation:<\/strong> Validate user-supplied input rigorously. Do not allow \"..\" or \"\/\" in the input.<\/p>\n<\/li>\n<li>\n<p><strong>Access control:<\/strong> Implement proper access control. Do not rely solely on the supplied file path to authorize the user.<\/p>\n<\/li>\n<li>\n<p><strong>Principle of least privilege:<\/strong> Run the application with the minimum privileges necessary, limiting the potential damage of a directory traversal attack.<\/p>\n<\/li>\n<\/ol>\n<h2>Directory Traversal Attacks and Similar Terms<\/h2>\n<table>\n<thead>\n<tr>\n<th>Term<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Directory traversal attack<\/td>\n<td>Exploits vulnerabilities in user input handling to access unauthorized files and directories.<\/td>\n<\/tr>\n<tr>\n<td>Remote File Inclusion (RFI)<\/td>\n<td>The attacker uses a user input path to upload a malicious script to the website's server.<\/td>\n<\/tr>\n<tr>\n<td>Local File Inclusion (LFI)<\/td>\n<td>The attacker manipulates the website into executing or revealing the contents of files on the web server.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Future Perspectives and Technologies Related to Directory Traversal Attacks<\/h2>\n<p>As the web development landscape evolves, the methods and tools for carrying out directory traversal attacks are likely to become more sophisticated. Even so, the foundation of defense is expected to remain robust input validation and proper system configuration.<\/p>\n<p>Web application firewalls, anomaly detection systems, and machine learning algorithms in intrusion detection systems could play a significant role in future mitigation strategies against such attacks.<\/p>\n<h2>How Proxy Servers Relate to Directory Traversal Attacks<\/h2>\n<p>A proxy server can act as an additional security layer against directory traversal attacks. By filtering requests and responses between the client and the server, it can detect unusual patterns or signs of directory traversal attacks and stop them before they reach the server.<\/p>\n<p>For example, OneProxy offers a robust proxy server solution that can play an important role in a defense strategy against this kind of attack.<\/p>\n<h2>Related Links<\/h2>\n<ol>\n<li><a href=\"https:\/\/owasp.org\/www-community\/attacks\/Path_Traversal\" target=\"_new\" rel=\"noopener nofollow\">OWASP Path Traversal Attack<\/a><\/li>\n<li><a href=\"https:\/\/www.acunetix.com\/blog\/articles\/directory-traversal\/\" target=\"_new\" rel=\"noopener nofollow\">Directory Traversal Attacks and Their Mitigation Techniques<\/a><\/li>\n<li><a href=\"https:\/\/cheatsheetseries.owasp.org\/cheatsheets\/File_Path_Traversal_Prevention_Cheat_Sheet.html\" target=\"_new\" rel=\"noopener nofollow\">Preventing Directory Traversal Attacks<\/a><\/li>\n<li><a href=\"https:\/\/www.owasp.org\/index.php\/Guide_to_Building_Secure_Web_Applications_and_Web_Services\" target=\"_new\" rel=\"noopener nofollow\">OWASP Guide to Building Secure Web Applications and Web Services<\/a><\/li>\n<li><a href=\"https:\/\/www.cloudflare.com\/en-gb\/learning\/security\/glossary\/what-is-a-proxy-server\/\" target=\"_new\" rel=\"noopener nofollow\">Proxy Servers and Security<\/a><\/li>\n<\/ol>","protected":false},"featured_media":476847,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-476846","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>Directory Traversal Attack: An In-Depth Examination<\/mark>","faq_items":[{"question":"What is a Directory Traversal Attack?","answer":"<p>A Directory Traversal Attack, also known as a path traversal attack, is a type of HTTP exploit that allows attackers to access restricted directories and execute commands outside of the web server's root directory. This is accomplished by exploiting insufficient security validation or sanitization of user-supplied input filenames.<\/p>"},{"question":"How did Directory Traversal Attacks originate?","answer":"<p>Directory Traversal Attacks originated during the early days of the internet when web applications began utilizing scripts to access server-side files. As technology progressed and web applications became more complex, the potential for these types of vulnerabilities also increased.<\/p>"},{"question":"How does a Directory Traversal Attack work?","answer":"<p>Directory Traversal Attacks work by manipulating variables that reference files with \"dot-dot-slash (..\/)\" sequences. 
By exploiting weak security validation or sanitization of user inputs, an attacker can access files and directories outside the webroot folder.<\/p>"},{"question":"What are the key features of Directory Traversal Attacks?","answer":"<p>Key features of Directory Traversal Attacks include the manipulation of variables to traverse directories, the ability to break out of the application's root directory, and the exploitation of weak validation of user inputs.<\/p>"},{"question":"What are the different types of Directory Traversal Attacks?","answer":"<p>Directory Traversal Attacks can be categorized into URL-based, form-based, and cookie-based attacks. In each type, attackers manipulate inputs in different ways to exploit server-side vulnerabilities and traverse directories.<\/p>"},{"question":"How can Directory Traversal Attacks be prevented?","answer":"<p>Directory Traversal Attacks can be prevented through robust input validation, proper access control, and the principle of least privilege. This involves disallowing certain inputs like \"..\" or \"\/\", not relying solely on the supplied file path for user authorization, and running the application with the least privileges necessary.<\/p>"},{"question":"How do Directory Traversal Attacks compare with similar terms like Remote File Inclusion (RFI) and Local File Inclusion (LFI)?","answer":"<p>While Directory Traversal Attacks exploit vulnerabilities to access unauthorized files and directories, Remote File Inclusion (RFI) involves an attacker uploading a malicious script into a website's server, and Local File Inclusion (LFI) manipulates a website into executing or revealing the contents of files on the web server.<\/p>"},{"question":"What are the future perspectives and technologies related to Directory Traversal Attacks?","answer":"<p>Future perspectives suggest that as web development evolves, the methods to perform Directory Traversal Attacks may become more sophisticated. 
Web application firewalls, anomaly detection systems, and machine learning algorithms could play a significant role in future mitigation strategies against such attacks.<\/p>"},{"question":"How do Proxy Servers help with Directory Traversal Attacks?","answer":"<p>Proxy servers, like OneProxy, can serve as an additional layer of security against Directory Traversal Attacks. By filtering requests and responses between the client and the server, they can help detect unusual patterns or signs of Directory Traversal Attacks, preventing them from reaching the server.<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki\/476846","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki\/476846\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/media\/476847"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/media?parent=476846"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}