What is Directory Browsing Vulnerability? (Practical Explanation)

Hello dear TurkHackTeam members, in this post I will talk about Directory Browsing Vulnerability and try to explain what kind of data you can access by using this vulnerability.

Directory Browsing Vulnerability is a web security vulnerability. It occurs when directory indexing is allowed on a web server. In this way, the attacker can access the files and folders on the server and learn information, download files or detect other vulnerabilities on the server. The main reason for this vulnerability is that the web server is not configured properly, so a directory's contents are listed to the user when files such as index.html / index.php are missing. We can explain an example situation as follows:

URL:
http://aciklisite.com/files/

Output:
Code:
Index of /files/
- Rapor2024.pdf
- profil.jpg
- backup.zip
- db.sql

If an attacker or any other user sees the page this way, the 4 files in the example can be accessed and downloaded by everyone.

How to Prevent Directory Browsing Vulnerability?
1. Disable Directory Browsing
The directory browsing feature may be active by default on web servers (such as Apache, Nginx); we should check this and disable it if it is on. For the Apache server, add the following line to the httpd.conf or .htaccess file:
Code:
Options -Indexes

For the Nginx server, add this line:
Code:
autoindex off;

After performing these operations, be sure to put an empty index.html page in all your directories; this will prevent the listing of directory content.

2. Hide Your Sensitive Data
Do not keep your critical, confidential or sensitive data in a directory open to the internet.

3. Control Directory Accesses
Always use an authorization system for directory accesses and perform regular security tests.

So let's get to the main topic: how to exploit Directory Browsing Vulnerability? First of all, we do a small dork search on Google; let me share a few dorks with you:
Code:
intitle:"index of /" "parent directory"
intitle:"index of /" "uploads"
intitle:"index of /" "backup"
intitle:"index of /" "config"
intitle:"index of /" "secret" OR "password" OR "credentials" OR "log"
intitle:"index of /" "images" OR "files" OR "documents"

I entered the second page that appeared using the first dork and started to examine the directories, the link of the site I entered is as follows;
URL: http://okm.si/files/

I skipped all the numerical folders and went all the way to the bottom and found a few directories that I might need;

Let's go into the backups/ directory and examine the .sql files a little bit, maybe we can reach the critical data;

As you can see, we have a nice SQL dump. Let's think about what we can look at here; let's search for users, admin, mail, email:

As you can see, we have already reached the most critical information.

Directory Browsing Vulnerability is a situation that seems insignificant and weak but is very important and dangerous, and it is really important to be able to exploit and use this situation.
__________________
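As an added example (not part of the original post): a Python audit that a site owner can run against their own web root to apply the prevention steps above. It flags directories that would be listed (no index.html / index.php and no `Options -Indexes` inherited from a .htaccess) and files that should not sit in a web-accessible directory. The function names, the `RISKY_SUFFIXES` list and the sample tree are assumptions made for this example.

```python
import os, re, tempfile
from pathlib import Path

INDEX_FILES = {"index.html", "index.php"}          # index files named in the post
RISKY_SUFFIXES = {".sql", ".zip", ".bak", ".log"}  # assumed list, extend as needed
OPTIONS_RE = re.compile(r"^[ \t]*Options\b(.*)$", re.I | re.M)

def htaccess_indexes(directory):
    """False for 'Options -Indexes', True for 'Indexes'/'+Indexes', None if not set.
    Simplified: only explicit Indexes tokens in .htaccess are tracked."""
    f = Path(directory) / ".htaccess"
    state = None
    if f.is_file():
        for args in OPTIONS_RE.findall(f.read_text(errors="replace")):
            for tok in args.lower().split():
                if tok in ("indexes", "+indexes", "-indexes"):
                    state = tok != "-indexes"
    return state

def audit(root, default_indexes=True):
    """Return (dir, listing_possible, risky_files) for each directory worth fixing.
    default_indexes=True assumes the main server config allows listings."""
    root = Path(root).resolve()
    inherited = {root.parent: default_indexes}
    findings = []
    for cur, dirs, files in os.walk(root):
        dirs.sort()                                  # deterministic order
        cur = Path(cur)
        own = htaccess_indexes(cur)
        inherited[cur] = inherited[cur.parent] if own is None else own
        listable = inherited[cur] and not (INDEX_FILES & set(files))
        risky = sorted(f for f in files if Path(f).suffix.lower() in RISKY_SUFFIXES)
        if listable or risky:
            findings.append((cur.relative_to(root).as_posix(), listable, risky))
    return findings

def build_sample_tree(base):
    """Constructed sample web root that mirrors the post's /files/ example."""
    layout = {"index.html": "", "files/Rapor2024.pdf": "", "files/profil.jpg": "",
              "files/backup.zip": "", "files/db.sql": "",
              "private/.htaccess": "Options -Indexes\n", "private/notes/todo.txt": ""}
    for rel, body in layout.items():
        p = Path(base) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, listable, risky in audit(build_sample_tree(tmp)):
            print(f"{rel}: listing possible={listable}, risky files={risky}")
```

Risky files are reported even where listing is off, because a file in a web-accessible directory can still be fetched by anyone who knows or guesses its name.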