Directory Listing

/0 Comments/in /by

Description

Directory listing is a web server function that displays a list of all the files when there is no index file, such as index.php and default.asp in a specific website directory.

Some web administrators do not properly configure web servers to disable the Directory Listing or sometimes do not do it at all.

For instance, administrators may make complex configuration settings, such as to allow directory listing for particular directories or subdirectories. The improper configuration of this task might result in the unexpected and unintended enabling of listing of directories which contain sensitive information.

See how to fix it!

Risk

A user can view a list of all files from this directory, possibly exposing sensitive information.

How to prevent Directory Listing

Prevent Directory Listing in ASP.NET
Prevent Directory Listing in Apache

References

https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_…

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *