Directory Browsing Without Directory ListingĮven if directory listing is disabled on a web server, attackers might discover and exploit web server vulnerabilities that let them perform directory browsing. This is why directory listing should never be turned on, especially in the case of dynamic websites and web applications, including WordPress sites. This means that black hat hackers can also find such files easily. Many web vulnerability scanners such as Acunetix easily discover such directories and all files if directory listing is turned on. They assume that if there are no links to files in a directory, nobody can access them. Many webmasters follow security through obscurity. However, if the index file did not exist and if directory listing was turned on, the web server would return the contents of the directory instead. It is dangerous to leave this function turned on for the web server because it leads to information disclosure.įor example, when a user requests without specifying a file (such as index.html, index.php, or default.asp), the web server processes this request, returns the index file for that directory, and the browser displays the website. Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |