Now the attacker has the connection details to the web application’s database, allowing them to possibly damage the database or the web application thanks to these credentials. secret/ he can see and download the backup files, which contains the database connection details. If the attacker finds the secret folder by crawling or fuzzing, when he tries to access it directly, e.g. Let’s assume that a backup copy of the file config.php, in which the credentials for a database connection are kept in, is in the secret folder, which has directory listing enabled. What information is leaked via directory listing and what is the risk? ![]() However, the good news is that these types of issues can be easily identified with an automated web vulnerability scanner. Directory listing issues are the type of issues that an SSL certificate won't protect you from. ![]() This creates an information leakage issue and attackers can use such information to craft other attacks, including direct impact vulnerabilities such as XSS.Īs you can see from the picture above, the directory listing feature generates an output similar to the dir or ls command that is run on an operating system. Therefore, if a request is made to a directory on which directory listing is enabled and there is no index file such as index.php or index.asp, the web server will return a directory listing, even if the directory contains files from a web application. Disable directory listing on Apache serverĭirectory listing is a web server feature that, when enabled, lists the content of a directory with no index file (e.g.Disable directory listing on Microsoft IIS server.Disable directory listing on Lighttpd server.Disable directory listing on LiteSpeed server. ![]()
0 Comments
Leave a Reply. |