Directory Traversal Attack in Symfony Explained
Pentest Testing Corp


Publish Date: May 4

Directory Traversal Attack in Symfony Explained (With Code Examples)

Symfony is a robust PHP framework used to build secure web applications, but no framework is immune to vulnerabilities if not configured correctly. One of the often-overlooked yet dangerous threats is the Directory Traversal Attack. In this post, we'll break down how such an attack works in Symfony, show you how to exploit and fix it with real code, and introduce a free tool to scan your web apps for this and other vulnerabilities.


🧰 Tool Highlight: You can run a free website vulnerability scan right now using our tool at https://free.pentesttesting.com/


🐞 What is a Directory Traversal Attack?

A Directory Traversal Attack, also known as Path Traversal, occurs when an attacker manipulates a file path that the application builds from a web request, typically by inserting sequences such as ../, so that the resolved path points at files and directories outside the folder the developer intended to expose.

Example targets:

  • /etc/passwd
  • C:\Windows\win.ini
  • .env files in Laravel/Symfony apps

🚨 Real-World Impact in Symfony

Symfony apps often read files from disk (through the Filesystem or Finder components, or in custom download and viewer routes). If a user-controlled value such as a query parameter is concatenated into the path without validation, an attacker can craft URLs that traverse directories and read sensitive server files, the project's .env included.


💻 Vulnerable Symfony Code Example

// src/Controller/FileViewerController.php

namespace App\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;

class FileViewerController extends AbstractController
{
    // Deliberately vulnerable: the query parameter goes straight into the path.
    #[Route('/view', name: 'file_view')]
    public function viewFile(Request $request): Response
    {
        $filename = $request->query->get('file', '');
        // No validation: "../" sequences in $filename walk out of /var/www/files/
        $path = '/var/www/files/' . $filename;

        if (!file_exists($path)) {
            return new Response('File not found.', 404);
        }

        return new Response(file_get_contents($path));
    }
}

Vulnerable to: ?file=../../../../etc/passwd

Each ../ climbs one directory level, and once the path has reached / any extra ones are ignored, so attackers simply send more than enough. The file_exists() check offers no protection because /etc/passwd does exist, and a ?file= value pointing at the project's .env typically hands over APP_SECRET and the database credentials.


🛠️ How to Fix It (Secure Code Example)

Never build a filesystem path from raw user input. Confine the name to the intended directory, resolve the path, and verify that the resolved path is still inside that directory.

public function viewFile(Request $request): Response
{
    $baseDir = realpath('/var/www/files');
    if ($baseDir === false) {
        return new Response('File storage unavailable.', 500);
    }

    // basename() discards every directory component, so "../../etc/passwd" becomes "passwd"
    $filename = basename((string) $request->query->get('file', ''));
    // realpath() collapses "." and "..", follows symlinks and returns false for missing files
    $path = realpath($baseDir . '/' . $filename);

    // Compare against the base directory *with* a trailing separator, otherwise a
    // sibling such as /var/www/files_private would pass the prefix test
    if ($filename === '' || $path === false || !is_file($path)
        || strpos($path, $baseDir . DIRECTORY_SEPARATOR) !== 0) {
        return new Response('Invalid file path.', 400);
    }

    return new Response(file_get_contents($path));
}

Fix Summary:

  • basename() discards every directory component ("../../etc/passwd" becomes "passwd"), so nothing the user sends can name a file outside the base directory. The trade-off is that files in sub-directories are no longer reachable by name.
  • realpath() resolves ".", ".." and symlinks and returns false for a missing file; compare its result against the base directory with a trailing separator, otherwise a sibling such as /var/www/files_private would pass a plain prefix check.
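The following is an added example, not code from the original post or from Symfony: a containment check that keeps sub-directories usable (basename() would flatten "reports/q1.txt" to "q1.txt"), run over the traversal payloads discussed on this page next to the weaker prefix check that many fixes ship with. The demo tree, its file names and the files_private sibling directory are assumptions built in a temporary directory so the script runs stand-alone; it needs PHP 8.0 or newer.

```php
<?php
// Added example (not from the original post): separator-aware base-directory
// containment versus a naive realpath() prefix check, exercised with the
// payloads discussed above. Demo tree and file names are assumptions.
declare(strict_types=1);

/**
 * Resolve $userPath inside $baseDir. Returns the real path of a regular file
 * that lives under $baseDir, or null for anything that escapes or is missing.
 */
function resolveInsideBase(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;                                // base directory itself is missing
    }
    if (str_contains($userPath, "\0")) {
        return null;                                // NUL truncates paths in C-level APIs
    }
    $relative = str_replace('\\', '/', $userPath);  // treat "..\" like "../"
    $relative = ltrim($relative, '/');              // an absolute path must not replace the base

    // realpath() collapses "." and "..", follows symlinks, and returns false for missing paths.
    $real = realpath($base . '/' . $relative);
    if ($real === false || !is_file($real)) {
        return null;
    }
    // Trailing separator matters: "$base" is a string prefix of "${base}_private/...", "$base/" is not.
    return str_starts_with($real, $base . DIRECTORY_SEPARATOR) ? $real : null;
}

/** The weaker check: prefix comparison without the separator. */
function naivePrefixCheck(string $baseDir, string $userPath): bool
{
    $base = realpath($baseDir);
    $real = realpath($base . '/' . $userPath);
    return $real !== false && str_starts_with($real, $base);
}

// --- Constructed demo layout (an assumption for this example) ---
$root = realpath(sys_get_temp_dir()) . '/traversal-demo-' . bin2hex(random_bytes(4));
mkdir("$root/files/reports", 0700, true);
mkdir("$root/files_private", 0700, true);
file_put_contents("$root/files/readme.txt", "public\n");
file_put_contents("$root/files/reports/q1.txt", "public report\n");
file_put_contents("$root/files_private/secret.txt", "SECRET\n");
file_put_contents("$root/secret.env", "APP_SECRET=example\n");
@symlink("$root/secret.env", "$root/files/link-to-env"); // symlink inside the base pointing outside it

// Inputs as the controller sees them: PHP has already URL-decoded the query string.
$payloads = [
    'readme.txt',
    'reports/q1.txt',               // legitimate sub-directory access
    '../secret.env',
    urldecode('..%2Fsecret.env'),   // what ?file=..%2Fsecret.env arrives as
    '..\\secret.env',
    '/etc/passwd',
    '../files_private/secret.txt',  // sibling whose name starts with the base path
    'link-to-env',
    "readme.txt\0.png",
];

printf("%-32s %-8s %s\n", 'input', 'naive', 'resolveInsideBase');
foreach ($payloads as $p) {
    // realpath() throws a ValueError on NUL bytes, so the naive check cannot even be asked.
    $naive = str_contains($p, "\0") ? 'error'
           : (naivePrefixCheck("$root/files", $p) ? 'pass' : 'reject');
    $safe = resolveInsideBase("$root/files", $p);
    printf("%-32s %-8s %s\n", json_encode($p), $naive,
        $safe === null ? 'reject' : 'allow ' . substr($safe, strlen($root)));
}

// Remove the demo tree again.
foreach (["$root/files/link-to-env", "$root/files/reports/q1.txt", "$root/files/readme.txt",
          "$root/files_private/secret.txt", "$root/secret.env"] as $f) { @unlink($f); }
foreach (["$root/files/reports", "$root/files", "$root/files_private", $root] as $d) { @rmdir($d); }
```

Run it with php on the command line. The row for ../files_private/secret.txt is the one to look at: the naive prefix test passes it because $root/files is a string prefix of $root/files_private, while the separator-aware check rejects it. link-to-env is rejected by both because realpath() follows the symlink before the comparison (on a system where the symlink could not be created it is rejected as a missing file instead), and the percent-encoded payload behaves exactly like its plain form because decoding happened before the controller saw it.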

🆓 Use Our Free Website Security Checker

Don't guess — test your website today! Our Website Vulnerability Scanner scans for over 50 common vulnerabilities, including:

  • Directory Traversal
  • XSS
  • SQL Injection
  • Insecure HTTP headers

Screenshot: the free tools webpage where you can access security assessment tools.

After the scan, you'll get a detailed vulnerability assessment within minutes.

Screenshot: an example vulnerability assessment report generated with our free tool, highlighting possible vulnerabilities.


🧪 Symfony Exploitation with curl

Here’s how a real attack may look using curl:

curl "https://victim.com/view?file=../../../../etc/passwd"

Or percent-encoded. PHP decodes the query string before the controller runs, so $request->query->get('file') receives exactly the same ../../../../etc/passwd; the encoding only evades filters that inspect the raw URL (a WAF signature or a strpos() check on $_SERVER['REQUEST_URI']), not checks made on the decoded value:

curl "https://victim.com/view?file=..%2F..%2F..%2F..%2Fetc%2Fpasswd"

🔐 How to Prevent Directory Traversal in Symfony (Checklist)

  • ✅ Prefer an allowlist (a fixed map from an identifier the client sends to a file on disk) over sanitising free-form names; if you must accept names, basename() confines them to a single directory.
  • ✅ Resolve the final path with realpath(), reject false (missing) and non-regular files, and require that it starts with the base directory followed by a directory separator.
  • ✅ Keep the web server's document root at public/ and deny direct access to everything above it (.env, var/, config/) via .htaccess or the server configuration.
  • ✅ Restrict the file types that may be uploaded or downloaded.
  • ✅ Use the Path helper from Symfony's Filesystem component (Path::canonicalize(), Path::isBasePath()) for normalisation and containment checks; it works on the path strings alone, so pair it with realpath() where symlinks are a concern.

📣 Our Expert Penetration Testing Services

If you're running a production Symfony app, manual testing goes beyond automated scans. At Pentest Testing Corp., we offer:

  • 🎯 Targeted Web App Penetration Testing
  • 🔍 OWASP Top 10 Coverage
  • 🔐 Business Logic Testing
  • 📄 Detailed Reports & Remediation Assistance

We combine human expertise with automation to detect what scanners often miss.

🔗 Explore more: Web Application Penetration Testing Services


📚 More Security Content

If you’re interested in keeping your Symfony or other PHP apps secure, check out more cybersecurity insights on our official blog:

🔗 https://www.pentesttesting.com/blog/

We cover topics like:

  • Authentication Bypass
  • API Security
  • SSRF & LFI in PHP apps

🚀 Ready to Scan Your Website?

Don’t wait for attackers. Run a free security check now!

Let us help you stay one step ahead. No login or credit card required.

