Non Sensitive Data Exposure
Non-Sensitive Data Exposure
Overview of the Vulnerability
Web servers can list the contents of directories which do not have an index page. This increases the exposure of data which are not intended to be accessed. An attacker can quickly identify resources of a specific path or gain access to sensitive data stored in the directory.
Vulnerability Specifics to the Application:
Sensitive data was exposed on {{target}} by {{action}}.
Business Impact
Depending on the type of data found in the directory listing, exposure of this information could lead to financial loss and reputational damage of {{customer-name}} and their users.
Steps to Reproduce
Using {{browser-used}}, navigate to the following URL(s) to find the following directory indexing is enabled:
{{value}}
The non-sensitive information was discovered by performing {{action}}
The following sensitive data was discovered:
{{sensitive-data-type(s)}}
Proof of Concept (PoC)
An attacker can leverage this non-sensitive data to {{action}}. The image(s) below demonstrates the information found:
{{screenshot}
Guidance
Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed triage time and result in faster rewards.
Include a statement which demonstrates the type of data found within the directory listing.
Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full Proof of Concept.
Recommendation(s)
The server should be configured to not enable directory listings by default. Additionally, important directories and files should have strong authorization requirements.
It is recommended that all servers are managed through a repeatable configuration process which covers server hardening, updates, security headers, and segmentation. A regularly scheduled verification process should be utilized to test the effectiveness of the configurations and settings.
Last updated