Firefox Directory Traversal Example.

Publicated on : 1188256700
I thought it would be a good idea to show a fairly simple directory traversal within Firefox. Although they have done some really hard work in protecting from traversing the file system, they forgot one. This is a classic by the way because it is in an encoded form. Normally you would have to type dots and a slash in order to traverse a folder. This time we encode the dot, now it's really hard to exploit this because they won't allow slashes to be entered after it. So this isn't a dangerous thing yet. Still, it is default browser/os behavior to add a slash after it and makes this a valid directory traversal and can be performed remotely.

This is not allowed:

resource:///../../
resource:///../
resource:///..

This is allowed and a valid directory traversal which they forgot:

resource:///%2e%2e

Try this to see the ending slash:

view-source:resource:///%2e%2e

That should look like: 300: file:///C:/PROGRA~1/MOZILL~1/../
which lands inside the program files directory.