Thursday, October 17, 2013

Directory Browsing Vulnerability | Directory Listing / Traversal Attack | How To | Demo [Screenshots] | Mutillidae

Written by Pranshu Bajpai

As a web application penetration tester, when you find directory browsing enabled on a web server, you include it in your report, but you know exploiting it is a long shot.

The main threat is that the attacker can view all the files present in the web directory. This might include PHP files (or files in other web languages). If the attacker is dedicated enough, he will read this PHP code to figure out a way to circumvent security.

Directory Browsing Vulnerability in Mutillidae

An attacker can review the code behind these PHP scripts to find potential weaknesses

1 comment:

  1. Explains how to make a directory show a list of files without an index file. Crowd No More