WordPress – Directory Listing

Description

During the scan, Kayran managed to find the WordPress – Directory Listing vulnerability.
Directory listing allows a potential attacker to access and navigate through folders and files of the system. Any sensitive resources should be access-controlled, and should not be accessible to any unauthorized personal.

Exploiting the WordPress – Directory Listing, an attacker could guess the location of sensitive files using automated tools and access these files, this may lead to data being disclosed to him, which can cause further, more extensive damage.

Directory listing is a type of Web page that lists files and directories that exist on a Web server.
Organized to be navigated by clicking directory links, directory listings commonly have a title that describes the current directory, a list of files, and directories that can be clicked.

Severity/Score

Average Score – 5.3 Medium

Recommendation

Make sure that only authorized personal has access to this directory and hide all the records related to the files inside it.

References

https://cwe.mitre.org/data/definitions/548.html

https://cwe.mitre.org/data/definitions/538.html

< Return to all Vulnerabilities

APT vs. ATP

In this article we will talk about APT vs. ATP. In other words, Advanced Persistent Threat and Advanced Threat Protection and the context between these

Read More »

Passwords 101

Unlike basketballs, “passwords” are things we don’t want to be passed around, especially in a society built around the idea that “mystery” is appealing. We

Read More »