CWE-22

Weakness ID: 22 (Weakness Class)

Status: Draft

Path Traversal
Description

The software uses external input to construct a pathname that is intended to identify a file or directory located underneath a restricted parent directory, but it does not properly neutralize special elements within the pathname. As a result, the pathname can resolve to a location outside of the restricted directory.

Extended Description

Many file operations are intended to take place within a restricted directory. By using special elements such as ".." and "/" separators, attackers can escape outside of the restricted location to access files or directories that are elsewhere on the system. One of the most common special elements is the "../" sequence, which in most modern operating systems is interpreted as the parent directory of the current location. This is referred to as relative path traversal. Path traversal also covers the use of absolute pathnames such as "/usr/local/bin", which may also be useful in accessing unexpected files. This is referred to as absolute path traversal.

In many programming languages, the injection of a null byte (the 0 or NUL) may allow an attacker to truncate a generated filename and thereby widen the scope of the attack. For example, the software may add ".txt" to any pathname, thus limiting the attacker to text files, but a null injection may effectively remove this restriction.

Alternate Terms

Directory traversal

Path traversal

"Path traversal" is preferred over "directory traversal", but both terms are attack-focused.

Terminology Notes

Like other weaknesses, terminology is often based on the types of manipulations used instead of the underlying weakness. Some people use "directory traversal" only to refer to the injection of ".." and equivalent sequences whose specific meaning is to traverse directories.

Other variants such as "absolute pathname" and "drive letter" have the *effect* of directory traversal, but some people may not call them such, since they do not involve ".." or an equivalent sequence.

Time of Introduction

Architecture and Design
Implementation

Applicable Platforms

Language-independent

Common Consequences

Scope | Effect
Integrity | Technical Impact: Execute unauthorized code or commands
The attacker may be able to create or overwrite critical files that are used to execute code, such as programs or libraries.
Integrity | Technical Impact: Modify files or directories
The attacker may be able to overwrite or create critical files such as programs, libraries, or important data. If the targeted file is used for a security mechanism, the attacker may be able to bypass that mechanism. For example, appending a new account to the end of a password file may allow an attacker to bypass authentication.
Confidentiality | Technical Impact: Read files or directories
The attacker may be able to read the contents of unexpected files and expose sensitive data. If the targeted file is used for a security mechanism, the attacker may be able to bypass that mechanism. For example, by reading a password file, the attacker could conduct brute-force password guessing in order to break into an account on the system.
Availability | Technical Impact: DoS: crash / exit / restart
The attacker may be able to overwrite, delete, or corrupt unexpected critical files such as programs, libraries, or important data. This may prevent the software from working at all, and in the case of a protection mechanism such as authentication it has the potential to lock out every user of the software.

 

Likelihood of Exploit

High to Very High

Detection Methods

Automated Static Analysis

Automated techniques can find areas where path traversal weaknesses exist. However, tuning or customization may be required to remove or de-prioritize path traversal problems that are only exploitable by the software's administrator or other privileged users, since such behavior may be a legitimate part of the product's functionality.

Effectiveness: High

Manual Static Analysis

Manual white-box techniques may be able to provide sufficient code coverage and reduction of false positives if all file access operations can be assessed within limited time constraints.

Effectiveness: High

Demonstrative Examples

Example 1:

The following code could be for a social networking application in which each user's profile information is stored in a separate file. All files are stored in a single directory.

Example Language: Perl (bad)
my $dataPath = "/users/cwe/profiles";
my $username = param("user");   # user-controlled, used as-is
my $profilePath = $dataPath . "/" . $username;

open(my $fh, "<$profilePath") || ExitError("profile read error: $profilePath");
print "<ul>\n";
while (<$fh>) {
print "<li>$_</li>\n";
}
print "</ul>\n";

While the programmer intends to access files such as "/users/cwe/profiles/alice" or "/users/cwe/profiles/bob", there is no verification of the incoming user parameter. An attacker could provide a string such as:

(attack)
../../../etc/passwd

The program would generate a profile pathname like this:

(result)
/users/cwe/profiles/../../../etc/passwd

When the file is opened, the operating system resolves the "../" during path canonicalization and actually accesses this file:

(result)
/etc/passwd

As a result, the attacker could read the entire text of the password file.
Notice that this code also contains an error message information leak (CWE-209) if the user parameter does not produce a file that exists: the full pathname is provided. Because the retrieved file is output without encoding, there might also be a cross-site scripting problem (CWE-79) if the profile contains any HTML, but other code would need to be examined.

Example 2:

In the example below, the path to a dictionary file is read from a system property and used to initialize a File object.

Example Language: Java (bad)
String filename = System.getProperty("com.domain.application.dictionaryFile");
File dictionaryFile = new File(filename);

However, the path is not validated or modified to prevent it from containing relative or absolute path sequences before the File object is created. This allows anyone who can control the system property to determine which file is used. Ideally, the path should be resolved relative to some kind of application or user home directory.

Example 3:

The following code takes untrusted input and uses a regular expression to filter "../" from the input. It then appends this result to the /home/user/ directory and attempts to read the file at the final resulting path.

Example Language: Perl (bad)
my $Username = GetUntrustedInput();
$Username =~ s/\.\.\///;   # no /g modifier: only the first "../" is removed
my $filename = "/home/user/" . $Username;
ReadAndSendFile($filename);

Since the regular expression does not have the /g (global match) modifier, it only removes the first instance of "../" it comes across. So an input value such as:

(attack)
../../../etc/passwd

will have the first "../" stripped, resulting in:

(result)
../../etc/passwd

This value is then appended to the /home/user/ directory:

(result)
/home/user/../../etc/passwd

This causes the /etc/passwd file to be retrieved once the operating system has resolved the ../ sequences in the pathname. This leads to relative path traversal (CWE-23).

Example 4:

The following code attempts to validate a given input path by checking it against a whitelist and, once validated, deletes the given file. In this specific case, the path is considered valid if it starts with the string "/safe_dir/".

Example Language: Java (bad)
String path = getInputPath();
if (path.startsWith("/safe_dir/"))
{
File f = new File(path);
f.delete();
}

An attacker could provide an input such as this:
/safe_dir/../important.dat
The software assumes that the path is valid because it starts with the "/safe_dir/" sequence, but the "../" sequence causes the program to delete the important.dat file in the parent directory.

Example 5:

The following code demonstrates the unrestricted upload of a file with a Java servlet and a path traversal vulnerability. The HTML code is the same as in the previous example, with the action attribute of the form sending the upload request to the Java servlet instead of the PHP code.

Example Language: HTML (good)
<form action="FileUploadServlet" method="post" enctype="multipart/form-data">

Choose a file to upload:
<input type="file" name="filename"/>
<br/>
<input type="submit" name="submit" value="Submit"/>

</form>

When submitted, the Java servlet's doPost method receives the request, extracts the name of the file from the HTTP request header, reads the file contents from the request, and writes the file to the local upload directory.

Example Language: Java (bad)
public class FileUploadServlet extends HttpServlet {
...
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

response.setContentType("text/html");
PrintWriter out = response.getWriter();
String contentType = request.getContentType();

// the starting position of the boundary header
int ind = contentType.indexOf("boundary=");
String boundary = contentType.substring(ind+9);

String pLine = new String();
String uploadLocation = new String(UPLOAD_DIRECTORY_STRING); //Constant value

// verify that content type is multipart form data
if (contentType != null && contentType.indexOf("multipart/form-data") != -1) {

// extract the filename from the Http header
BufferedReader br = new BufferedReader(new InputStreamReader(request.getInputStream()));
...
pLine = br.readLine();
String filename = pLine.substring(pLine.lastIndexOf("\\"), pLine.lastIndexOf("\""));
...
// output the file to the local upload directory
try {
BufferedWriter bw = new BufferedWriter(new FileWriter(uploadLocation+filename, true));
for (String line; (line=br.readLine())!=null; ) {
if (line.indexOf(boundary) == -1) {
bw.write(line);
bw.newLine();
bw.flush();
}
} //end of for loop
bw.close();

} catch (IOException ex) {...}
// output successful upload response HTML page
}
// output unsuccessful upload response HTML page
else
{...}
}
...
}

This code performs no check on the filename supplied in the header. An attacker could therefore use "../" sequences to write a file outside of the intended directory. Depending on the executing environment, the attacker may be able to read or write arbitrary files, execute code, perform cross-site scripting (CWE-79), crash the system, or cause a wide variety of other consequences.

In addition, this code does not check the type of the uploaded file. This allows an attacker to upload an executable file or a file containing malicious code (CWE-434).

Observed Examples

Reference | Description
CVE-2010-0467 Newsletter module allows reading arbitrary files using "../" sequences.
CVE-2009-4194 FTP server allows deletion of arbitrary files using ".." in the DELE command.
CVE-2009-4053 FTP server allows creation of arbitrary directories using ".." in the MKD command.
CVE-2009-0244 OBEX FTP service for a Bluetooth device allows listing of directories, and creation or reading of files using ".." sequences.
CVE-2009-4013 Software package maintenance program allows overwriting arbitrary files using "../" sequences.
CVE-2009-4449 Bulletin board allows attackers to determine the existence of files using the avatar.
CVE-2009-4581 PHP program allows arbitrary code execution using ".." in filenames that are fed to the include() function.
CVE-2010-0012 Overwrite of files using a .. in a Torrent file.
CVE-2010-0013 Chat program allows overwriting files using a custom smiley request.
CVE-2008-5748 Chain: external control of values for user's desired language and theme enables path traversal.

 

Potential Mitigations

Phase: Implementation

Strategy: Input Validation
Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a whitelist of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. Do not rely exclusively on looking for malicious or malformed inputs (i.e., do not rely on a blacklist). However, blacklists can be useful for detecting potential attacks or for determining which inputs are so malformed that they should be rejected outright.

When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, "boat" may be syntactically valid because it only contains alphanumeric characters, but it is not valid if you are expecting colors such as "red" or "blue".

For filenames, use stringent whitelists that limit the character set to be used. If feasible, only allow a single "." character in the filename to avoid weaknesses such as CWE-23, and exclude directory separators such as "/" to avoid CWE-36.

Warning: if you attempt to cleanse your data, do so in a way that ensures the end result is not in a dangerous form. A sanitizing mechanism can remove characters such as "." and ";" that may be required for some exploits, and an attacker can try to fool the mechanism into "cleaning" data into a dangerous form. Suppose the attacker inserts a "." into the filename "sensitiveFile", giving "sensi.tiveFile". If the sanitizer removes the dangerous "." character, the result is the valid filename "sensitiveFile". If the input data is now assumed to be safe, the security of the file may be compromised. See CWE-182 (Collapse of Data Into Unsafe Value).

Phase: Architecture and Design

For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side in order to avoid CWE-602. Attackers can bypass client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. The modified values are then submitted to the server.

Phase: Implementation

Strategy: Input Validation
Before validating an input path, decode and canonicalize it to the application's current internal representation. Make sure that the application does not decode the same input twice. Such errors could be used to bypass whitelist validation schemes by introducing dangerous inputs after they have been checked.

Use a built-in path canonicalization function (such as realpath() in C) that produces the canonical version of the pathname. This effectively removes ".." sequences and symbolic links (CWE-23, CWE-59). Such functions include:
- C: realpath()
- Java: getCanonicalPath()
- ASP.NET: GetFullPath()
- Perl: realpath() or abs_path()
- PHP: realpath()
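As an added illustration (this code is not part of the CWE entry or of any project it describes), the Python below shows why the partial defenses in Examples 3 and 4 fail and how the canonicalization step recommended here closes the gap: it reproduces the single-pass "../" removal and the prefix test on the raw path, then resolves the user-supplied name with os.path.realpath (the Python counterpart of realpath()) and accepts the result only if it still lies inside the base directory. The base directory is a temporary directory created at run time, and all function names are my own.

```python
import os
import re
import tempfile


class PathTraversalError(ValueError):
    """Raised when a user-supplied name would resolve outside the base directory."""


def strip_once(name: str) -> str:
    """Example 3's defect: the substitution runs without /g, so only the first "../" goes."""
    return re.sub(r"\.\./", "", name, count=1)


def prefix_check(path: str, safe_dir: str = "/safe_dir/") -> bool:
    """Example 4's defect: a prefix test on the raw path says nothing about where it resolves."""
    return path.startswith(safe_dir)


def resolve_under_base(base_dir: str, user_name: str) -> str:
    """Return the canonical path for user_name inside base_dir, or raise PathTraversalError."""
    if "\0" in user_name:
        # A NUL byte would truncate the name in C-based APIs (see the extended description).
        raise PathTraversalError("NUL byte in filename")
    base = os.path.realpath(base_dir)
    # os.path.join discards base when user_name is absolute, so absolute traversal
    # (CWE-36) is caught by the same containment test as "../" traversal (CWE-23).
    candidate = os.path.realpath(os.path.join(base, user_name))
    # Compare canonical forms only: "..", symlinks and absolute inputs are resolved first.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"{user_name!r} resolves outside {base_dir}")
    return candidate


def demo() -> dict:
    """Run the page's attack strings through both the weak and the canonicalizing checks."""
    base = tempfile.mkdtemp()  # constructed stand-in for /users/cwe/profiles
    rejected = []
    for bad in ("../../../etc/passwd", "../../etc/passwd", "/etc/passwd", "alice\0.txt", ""):
        try:
            resolve_under_base(base, bad)
        except PathTraversalError:
            rejected.append(bad)
    return {
        "strip_once_leaves": strip_once("../../../etc/passwd"),
        "prefix_check_accepts": prefix_check("/safe_dir/../important.dat"),
        "alice_ok": os.path.basename(resolve_under_base(base, "alice")) == "alice",
        "rejected": rejected,
    }
```

Calling demo() shows the weak checks letting "../../etc/passwd" and "/safe_dir/../important.dat" through, while resolve_under_base rejects every traversal string and accepts only "alice".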

Phase: Architecture and Design

Strategy: Libraries or Frameworks
Use a vetted library or framework that does not allow this weakness to occur, or that provides constructs that make this weakness easier to avoid.

Phase: Operation

Strategy: Firewall
Use an application firewall that can detect attacks against this weakness. It can be beneficial in cases in which the code cannot be fixed (because it is controlled by a third party), as an emergency prevention measure while more comprehensive software assurance measures are applied, or to provide defense in depth.

Effectiveness: Moderate
An application firewall might not cover all possible input vectors. In addition, attack techniques might be available to bypass the protection mechanism, such as using malformed inputs that can still be processed by the component that receives those inputs. Depending on functionality, an application firewall might inadvertently reject or modify legitimate requests. Finally, some manual effort may be required for customization.

Phase: Architecture and Design; Operation

Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

Phase: Architecture and Design; Operation

Strategy: Enforcement by Conversion
When the set of acceptable objects, such as filenames or URLs, is limited or known, create a mapping from a set of fixed input values (such as numeric IDs) to the actual filenames or URLs, and reject all other inputs.
For example, ID 1 could map to "inbox.txt" and ID 2 could map to "profile.txt". Features such as the ESAPI AccessReferenceMap provide this capability.

Phase: Architecture and Design

Strategy: Sandbox or Jail
Run the code in a "jail" or similar sandbox environment that enforces strict boundaries between the process and the operating system. This may effectively restrict which files can be accessed in a particular directory or which commands can be executed by your software.

OS-level examples include the Unix chroot jail, AppArmor, and SELinux. In general, managed code may provide some protection. For example, java.io.FilePermission in the Java SecurityManager allows you to specify restrictions on file operations.

This may not be a feasible solution, and it only limits the impact on the operating system; the rest of the application may still be subject to compromise.

Be careful to avoid CWE-243 and other weaknesses related to jails.

Phase: Architecture and Design; Implementation

Strategy: Identify and Reduce Attack Surface
Store library, include, and utility files outside of the web document root if possible. Otherwise, store them in a separate directory and use the web server's access control capabilities to prevent attackers from directly requesting them. One common practice is to define a fixed constant in each calling program, then check for the existence of the constant in the library or include file; if the constant does not exist, the file was requested directly and can exit immediately.

This significantly reduces the chance of an attacker being able to bypass protection mechanisms that are in the base program but not in the include files. It also reduces the attack surface.

Phase: Implementation

Ensure that error messages only contain the minimal details that are useful to the intended audience, and to nobody else. The messages need to strike a balance between being too cryptic and not being cryptic enough. They should not necessarily reveal the methods that were used to determine the error. Such detailed information can be used to refine the original attack and increase its chances of success.

If errors must be tracked in some detail, capture them in log messages, but consider what could occur if the log messages can be viewed by attackers. Avoid recording highly sensitive information such as passwords in any form. Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user name is valid or not.

In the context of path traversal, error messages that disclose path information can help attackers craft the appropriate attack strings to move through the file system hierarchy.

Phase: Operation; Implementation

Strategy: Environment Hardening
When using PHP, configure the application so that it does not use register_globals. During implementation, develop the application so that it does not rely on this feature, but be wary of implementing a register_globals emulation that is subject to weaknesses such as CWE-95, CWE-261, and similar issues.

Other Notes

Incomplete diagnosis or reporting of vulnerabilities can make it difficult to know which variant is affected. For example, a researcher might say that "..\" is vulnerable but not test "../", which may also be vulnerable.

Any combination of the items below can provide its own variant. For example, "//../", as reported in CVE-2004-0325, is not listed.

Weakness Ordinalities

Ordinality | Description
Primary | The weakness exists independently of other weaknesses.
Resultant | The weakness is typically related to the presence of some other weakness.

 

Relationships

Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Category | 21 | Pathname Traversal and Equivalence Errors | Development Concepts (primary) 699
ChildOf | Category | 632 | Weaknesses that Affect Files or Directories | Resource-specific Weaknesses (primary) 631
ChildOf | Weakness Class | 668 | Exposure of Resource to Wrong Sphere | Research Concepts 1000
ChildOf | Weakness Class | 706 | Use of Incorrectly-Resolved Name or Reference | Research Concepts (primary) 1000
ChildOf | Category | 715 | OWASP Top Ten 2007 Category A4 - Insecure Direct Object Reference | Weaknesses in OWASP Top Ten (2007) (primary) 629
ChildOf | Category | 723 | OWASP Top Ten 2004 Category A2 - Broken Access Control | Weaknesses in OWASP Top Ten (2004) (primary) 711
ChildOf | Category | 743 | CERT C Secure Coding Section 09 - Input Output (FIO) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734
ChildOf | Category | 802 | 2010 Top 25 - Risky Resource Management | Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors (primary) 800
ChildOf | Category | 813 | OWASP Top Ten 2010 Category A4 - Insecure Direct Object References | Weaknesses in OWASP Top Ten (2010) (primary) 809
ParentOf | Weakness Base | 23 | Relative Path Traversal | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base | 36 | Absolute Path Traversal | Development Concepts (primary) 699; Research Concepts (primary) 1000
MemberOf | View | 635 | Weaknesses Used by NVD | Weaknesses Used by NVD (primary) 635
CanFollow | Weakness Class | 20 | Improper Input Validation | Research Concepts 1000
CanFollow | Weakness Class | 73 | External Control of File Name or Path | Research Concepts 1000
CanFollow | Weakness Class | 172 | Encoding Error | Research Concepts 1000

 

Relationship Notes

Pathname equivalence can be regarded as a type of canonicalization error.

Some pathname equivalence issues are not directly related to directory traversal; rather, they are used to bypass security-relevant checks that decide whether the attacker may access a file or directory.

Research Gaps

Many variants of path traversal attacks are probably under-studied with respect to root cause. CWE-790 and CWE-182 begin to cover part of this gap.

Affected Resources

File/Directory

Relevant Properties

Equivalence

Functional Areas

File Processing

Causal Nature

Explicit

Taxonomy Mappings

Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
PLOVER | | | Path Traversal
OWASP Top Ten 2007 | A4 | CWE More Specific | Insecure Direct Object Reference
OWASP Top Ten 2004 | A2 | CWE More Specific | Broken Access Control
CERT C Secure Coding | FIO02-C | | Canonicalize path names originating from untrusted sources
WASC | 33 | | Path Traversal

 

Related Attack Patterns

CAPEC-ID | Attack Pattern Name (CAPEC Version 1.5)
23 | File System Function Injection, Content Based
64 | Using Slashes and URL Encoding Combined to Bypass Validation Logic
78 | Using Escaped Slashes in Alternate Encoding
79 | Using Slashes in Alternate Encoding
76 | Manipulating Input to File System Calls
139 | Relative Path Traversal

 

References

[REF-11] M. Howard and D. LeBlanc. "Writing Secure Code". Chapter 11, "Directory Traversal and Using Parent Paths (..)", Page 370. 2nd Edition. Microsoft. 2002.
[REF-17] OWASP. "OWASP Enterprise Security API (ESAPI) Project". <http://www.owasp.org/index.php/ESAPI>.
OWASP. "Testing for Path Traversal (OWASP-AZ-001)". <http://www.owasp.org/index.php/Testing_for_Path_Traversal_(OWASP-AZ-001)>.
Johannes Ullrich. "Top 25 Series - Rank 7 - Path Traversal". SANS Software Security Institute. 2010-03-09. <http://blogs.sans.org/appsecstreetfighter/2010/03/09/top-25-series-rank-7-path-traversal/>.

Update History

[2011-04-21]
  Updated to the data as of 2010-10-12.
[2009-06-29]
  Created from the following URL as of 2009-02-02:
    http://cwe.mitre.org/data/definitions/22.html

Registered: 2011/04/21

Last updated: 2023/04/04