Sensitive Data Exposure
Sensitive Data Exposure via Directory Listing Enabled
Overview of the Vulnerability
Sensitive data can be exposed by web servers that list the contents of directories lacking an index page, which makes files that were never intended to be accessed discoverable. Within this application, sensitive data has been exposed because directory listing is enabled. This allows an attacker to quickly identify the resources under a specific path, or to gain access to data stored in the directory by browsing to the directory listing.
Business Impact
Data exposure could result in reputational damage for the business through the impact to customers’ trust. The severity of the impact to the business depends on the sensitivity of the data stored in the listed directory.
Steps to Reproduce
Using a browser, navigate to the following URL to find that directory listing is enabled:
{{URL}}
Proof of Concept (PoC)
The screenshot below demonstrates the sensitive data found:
{{screenshot}}
Guidance
Provide a step-by-step walkthrough with a screenshot on how you exploited the vulnerability. This will speed up triage and result in faster rewards.
Include a statement which demonstrates the sensitivity of the data found within the directory listing.
Attempt to escalate the vulnerability to perform additional actions. If this is possible, provide a full proof-of-concept.
Recommendation(s)
The server should be configured to not enable directory listings by default. Additionally, important directories and files should have strong authorization requirements.
It is recommended that all servers are managed through a repeatable configuration process which covers server hardening, updates, security headers, and segmentation. A regularly scheduled verification process should be utilized to test the effectiveness of the configurations and settings.
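One way to make the scheduled verification repeatable is to audit the server configuration itself. The following is an added example, not part of the original template: a simplified, line-based check that flags Apache httpd `Options` directives and nginx `autoindex` directives that turn directory listing on. The sample configurations, function names and the "(global)" scope label are constructed for illustration, and the scan assumes flat (non-nested) blocks and does not follow included files or .htaccess overrides.

```python
import re

# Constructed sample configurations (not taken from any real server).
APACHE_SAMPLE = """\
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
</Directory>
<Directory "/var/www/html/uploads">
    Options -Indexes
</Directory>
"""
NGINX_SAMPLE = """\
location /files/ {
    autoindex on;
}
location /static/ {
    autoindex off;
}
"""
OPEN_APACHE = re.compile(r'<(?:Directory|Location)\w*\s+"?([^">]+)"?\s*>', re.I)
OPEN_NGINX = re.compile(r'location\s+(?:[=~^*]+\s+)?(\S+)\s*\{')

def audit_apache(text):
    findings, scope = [], "(global)"
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()  # "#" comment lines match none of the branches below
        m = OPEN_APACHE.match(line)
        if m:
            scope = m.group(1)
        elif line.startswith("</"):
            scope = "(global)"
        elif line.lower().startswith("options "):
            # "-Flag" removes an option; "All" includes Indexes.
            flags = {f.lower().lstrip("+") for f in line.split()[1:] if not f.startswith("-")}
            if flags & {"indexes", "all"}:
                findings.append((n, scope))
    return findings

def audit_nginx(text):
    findings, scope = [], "(global)"
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop inline comments
        m = OPEN_NGINX.match(line)
        if m:
            scope = m.group(1)
        elif line == "}":
            scope = "(global)"
        elif re.fullmatch(r"autoindex\s+on\s*;", line):
            findings.append((n, scope))
    return findings
```

Each finding is a (line number, scope) pair, so a scheduled job can fail the build or raise a ticket whenever either function returns a non-empty list.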