https://github.com/qeeqbox/directory-listing

A threat actor may list files on a misconfigured server
https://github.com/qeeqbox/directory-listing

directory infosecsimplified listing qeeqbox vulnerability

Last synced: 3 months ago
JSON representation

A threat actor may list files on a misconfigured server

• Host: GitHub
• URL: https://github.com/qeeqbox/directory-listing
• Owner: qeeqbox
• License: agpl-3.0
• Created: 2022-04-29T04:42:46.000Z (about 3 years ago)
• Default Branch: main
• Last Pushed: 2024-01-29T01:05:58.000Z (over 1 year ago)
• Last Synced: 2025-01-16T05:55:52.534Z (4 months ago)
• Topics: directory, infosecsimplified, listing, qeeqbox, vulnerability
• Homepage:
• Size: 156 KB
• Stars: 3
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
 


A threat actor may list files on a misconfigured server.

## Example #1

1. Threat actor scans server for "index of"

2. Threat actor finds misconfigured server and scrapes some sensitive data

## Impact

High

## Risk

- Data theft

## Redemption

- Deactivate directory listing

## ID

f51859e9-1f29-4224-accd-976ab70e81c1

## References

- [tadgroup](https://www.tadgroup.com/resources/wiki/application-vulnerabilities/directory-listing-and-information-disclosure)