Directory Traversal/Command Injection
Directory Traversal and Command Injection: If an attacker is able to gain access to restricted directories (such as the root directory) through HTTP, it is known as a directory traversal attack.
If attackers can gain access to the root directory of a system (which is restricted to administrative users), they can essentially gain access to everything on the system.
Bear in mind that the root directory of a website is far from the true root directory of the server; in IIS (Internet Information Server), the absolute path to the site’s root directory is likely to be something such as C:\inetpub\wwwroot.
If an attacker can get out of this directory and get to C:\windows, the possibility for inflicting harm is increased exponentially.
One of the simplest ways to perform directory traversal is by using a command injection attack that carries out the action.
For example, exploiting a weak IIS implementation by calling up a web page along with the parameter cmd.exe?/c+dir+c:\ would call the command shell and execute a directory listing of the root drive (C:\).
With Unicode support, entries such as %C%1C and %C%af can be translated into / and \ respectively.
The ability to perform command injection is rare these days. Most vulnerability scanners will check for weaknesses with directory traversal/command injection and inform you of their presence.
To secure your system, you should run such a scanner and keep the web server software patched.
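Alongside scanning and patching, application code that maps request paths to files can canonicalize each path and refuse anything that resolves outside the web root. The following is an added example, not code from the original page: the function name resolve_in_webroot and the sample requests are hypothetical, and it assumes the caller passes only the path part of the URL (no query string).

```python
import ntpath  # Windows path rules on any OS; purely string-based, no disk access
from urllib.parse import unquote_to_bytes

WEB_ROOT = r"C:\inetpub\wwwroot"  # the IIS site root named in the text


def resolve_in_webroot(url_path, root=WEB_ROOT):
    """Map the path part of a URL to a file under root, or return None to refuse it."""
    raw = unquote_to_bytes(url_path)  # decode %XX escapes exactly once
    try:
        # Strict UTF-8 rejects overlong byte sequences (e.g. C0 AF), so such
        # bytes are refused instead of reaching a more lenient decoder later.
        decoded = raw.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return None
    # A leftover "%" means double encoding; NUL can truncate paths in native APIs.
    # (Assumption: the site serves no file names containing a literal "%".)
    if "%" in decoded or "\x00" in decoded:
        return None
    # ntpath treats "/" and "\" alike, as Windows does. Stripping the leading
    # separators keeps the request relative to the root.
    joined = ntpath.join(root, decoded.lstrip("/\\"))
    candidate = ntpath.normpath(joined)  # collapses "." and ".." segments
    base = ntpath.normcase(ntpath.normpath(root))
    cand = ntpath.normcase(candidate)  # Windows paths compare case-insensitively
    # Require the root itself or a path below it; the trailing separator stops
    # a sibling such as C:\inetpub\wwwroot2 from passing a prefix test.
    if cand != base and not cand.startswith(base + "\\"):
        return None
    return candidate


# Constructed sample requests (not taken from real logs).
SAMPLES = [
    "/index.html",
    "/img/../index.html",
    "/..%5c..%5cwindows%5csystem32%5ccmd.exe",
    "/..%c0%af..%c0%afwindows",
    "/%252e%252e/%252e%252e/windows",
    "/../wwwroot2/secret.txt",
    "/D:/data/report.txt",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:45} -> {resolve_in_webroot(s)!r}")
```

The check is string-based only; a server that follows symbolic links or junctions also needs to resolve the final path on disk before comparing it with the root.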