DerScanner
Home / Vulnerability Database / Config files : File permission manipulation
Config files

Config files : File permission manipulation

Classification

OWASP Top 10 2017
A6-Security Misconfiguration
OWASP Top 10 2021
A1-Broken Access ControlA5-Security Misconfiguration
OWASP ASVS
Access ControlAccess ControlAccess ControlAccess Control
CWE
CWE-23CWE-36

Overview

The application changes the file access permissions. The extra permissions (e.g., the right to execute) for an unlimited number of users can facilitate the organization of the attack.

Unix-like systems use the commands MkdirAll, OpenFile, Chmod for rights management. Here, the “file” is understood in a broad sense - file, directory, socket, symbolic link, etc. For each file there are three groups of users: the file owner (user), the group to which the file owner belongs (group) and the rest (other). Each group can have the following access rights: read, write, and execute (abbreviated as r, w, and x, respectively).

References

  1. Description of core php.ini directives
  2. CWE-23: Relative Path Traversal
  3. CWE-36: Absolute Path Traversal
  4. OWASP Top 10 2021-A5-Security Misconfiguration
  5. OWASP Top 10 2017-A6-Security Misconfiguration
  6. OWASP Top 10 2021-A1-Broken Access Control
MEDIUM

DerScanner Severity Score

Do you want to fix Config files : File permission manipulation in your application?

See also

Config files

Config files : Text4Shell Vulnerability

Config files

Config files : Incorrect directory deletion

Config files

Config files : Code injection