WordPress – Directory Listing

Description

During the scan, Kayran managed to find the WordPress – Directory Listing vulnerability.
Directory listing allows a potential attacker to access and navigate through folders and files of the system. Any sensitive resources should be access-controlled, and should not be accessible to any unauthorized personal.

Exploiting the WordPress – Directory Listing, an attacker could guess the location of sensitive files using automated tools and access these files, this may lead to data being disclosed to him, which can cause further, more extensive damage.

Directory listing is a type of Web page that lists files and directories that exist on a Web server.
Organized to be navigated by clicking directory links, directory listings commonly have a title that describes the current directory, a list of files, and directories that can be clicked.

Recommendation

Make sure that only authorized personal has access to this directory and hide all the records related to the files inside it.

References

https://cwe.mitre.org/data/definitions/548.html

< Return to all Vulnerabilities

SQLI to RCE

How to preform SQLI TO RCE? One of the most interesting and important things about any site is the database. So, it’s important to protect

Read More »

Active Directory Hacking

What does Active Directory mean? The Active Directory infrastructure is a critical infrastructure in most organizations, and it forms the backbone of the organization’s computing

Read More »