WordPress – Directory Listing

Description

During the scan, Cytrix managed to find the WordPress – Directory Listing vulnerability.
Directory listing allows a potential attacker to access and navigate through folders and files of the system. Any sensitive resources should be access-controlled, and should not be accessible to any unauthorized personal.

Exploiting the WordPress – Directory Listing, an attacker could guess the location of sensitive files using automated tools and access these files, this may lead to data being disclosed to him, which can cause further, more extensive damage.

Directory listing is a type of Web page that lists files and directories that exist on a Web server.
Organized to be navigated by clicking directory links, directory listings commonly have a title that describes the current directory, a list of files, and directories that can be clicked.

Severity/Score

Average Score – 5.3 Medium

Recommendation

Make sure that only authorized personal has access to this directory and hide all the records related to the files inside it.

References

https://cwe.mitre.org/data/definitions/548.html

https://cwe.mitre.org/data/definitions/538.html

< Return to all Vulnerabilities

Explaining API

We’ve talked about API’s Vulnerability in here, but i feel like there’s much more to talk about and explain since this is a big and

Read More »

Blue Team

We’ve talked about The Red Team before, but what about The Blue Team? How is this group different from the red one? Why would we

Read More »