Severity: Medium
Test name: Directory Listing
Test ID: directory_listing
A Directory Listing vulnerability exposes the list of directories and files on the server side for a directory path specified in the URL. The web server on the victim site can be configured to list a directory's contents when no index file (such as "index.html", "index.php" or "default.jsp") exists in it. Even when directory listing has since been disabled, an attacker can use search engines, combined with the victim's domain name, to retrieve the directory content of a target path on which listing was previously enabled. In addition, an attacker may guess the location of sensitive files using automated tools.
This vulnerability allows an attacker to:
- Expose the directory structure of the web application
- Obtain file information (filename, modification time, size)
- Obtain the source code of your application or its configuration files
- Determine which third-party libraries are used, and their versions
- Download logs or database dumps
- Directory listing is enabled on the web server hosting your website. The "config" folder is located in the web root and does not contain an index file.
- A user makes the following request:
    https://www.{your_web_site}.com/config
- The response shows the content of the "config" folder:
    .git/          2021-05-01 17:00    -
    environment/   2021-05-01 17:00    -
    db.php         2021-05-01 17:00    333
    params.php     2021-05-01 17:00    3.3K
    db_dump.sql    2021-05-01 17:00    300K
    install.log    2021-05-01 17:00    30M
The issue lies in the web server configuration, where directory listing is enabled for the affected path.
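The following is an added nginx example, not taken from the original page: the listing-enabled server block that would produce the "config" listing above, followed by a corrected block. The site name, document root and directory names are assumptions.

```nginx
# Constructed example (not from the original page). The server name and
# document root are placeholders.

# --- Weak configuration: every directory without an index file is listed ---
server {
    listen 80;
    server_name www.example.com;      # placeholder for www.{your_web_site}.com
    root /var/www/html;

    location / {
        index index.html index.php;
        autoindex on;                 # GET /config/ returns the directory listing
    }
}

# --- Corrected configuration ---
server {
    listen 80;
    server_name www.example.com;
    root /var/www/html;

    location / {
        index index.html index.php;
        autoindex off;                # nginx default, stated explicitly
        # A directory with no index file now yields a 403 error instead of a listing.
        try_files $uri $uri/ =404;
    }

    # Disabling the listing does not protect the files themselves: a request
    # for /config/db_dump.sql would still succeed. Make the folder unreachable.
    location ^~ /config/ {
        return 404;
    }

    # Dot-directories and dot-files such as .git/ must never be served.
    location ~ /\. {
        return 404;
    }
}
```

After reloading, verify with a request for the directory path and for one of the listed files: both should return an error status rather than content.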
- CWE-548
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N