Directory Listing To Sensitive Files Exposure



Vulnerability: Directory Listing

Since the website is private and couldn't be disclosed, let's call it Redacted.com.
While browsing the website I noticed that it was vulnerable to Directory Listing. Since the site was using WordPress as the CMS, I knew I wouldn't find much else there: it was already up to date, and I didn't find anything interesting at Redacted.com/wp-content/uploads/. I decided to enumerate the directories manually, since I didn't have access to DirBuster at the time. I found some directories like Redacted.com/images, Redacted.com/assets, and the fishy one, Redacted.com/uploads. Redacted.com/uploads contained a lot of images and three directories: stores, shipments and voucher:

Nothing saucy was found in Redacted.com/uploads/stores, so I opened voucher and BOOM!
There were some backup files (not sure exactly what they were, but they were sensitive and left public). I don't have any other screenshots, as it wasn't ethical to take them:

This vulnerability was patched by simply adding Options -Indexes to the .htaccess file, which turns off Apache's automatic directory index for that path.
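Two checks a defender would want for this class of bug, as an added example that is not part of the original post: a detector that recognises an Apache mod_autoindex listing page in a response body and flags entries that look like backups or exports, and a check that an .htaccess fragment actually ends up with Indexes off. The listing HTML and the .htaccess fragments below are constructed samples, not material from Redacted.com, and the Options parsing is a simplified model of Apache's absolute/relative forms (assumption: a single context in which later Options lines override earlier ones).

```python
"""Detect directory-listing pages and verify an .htaccess fix.

Constructed sample data only; nothing here touches the network.
"""
import re
from html.parser import HTMLParser

# Suffixes that commonly indicate backups, dumps or exports left in a web root.
SENSITIVE_SUFFIXES = (".sql", ".sql.gz", ".zip", ".tar.gz", ".bak", ".old", ".env", ".csv")

# Constructed sample of what mod_autoindex renders for an unprotected directory.
SAMPLE_LISTING = """<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html><head><title>Index of /uploads/voucher</title></head>
<body><h1>Index of /uploads/voucher</h1>
<table>
<tr><th><a href="?C=N;O=D">Name</a></th><th><a href="?C=M;O=A">Last modified</a></th></tr>
<tr><td><a href="/uploads/">Parent Directory</a></td><td>&nbsp;</td></tr>
<tr><td><a href="logo.png">logo.png</a></td><td>2018-03-20 10:11</td></tr>
<tr><td><a href="vouchers-2018.csv">vouchers-2018.csv</a></td><td>2018-03-21 09:02</td></tr>
<tr><td><a href="db-backup.sql.gz">db-backup.sql.gz</a></td><td>2018-03-22 01:30</td></tr>
</table></body></html>"""

# Constructed sample of the response after Indexes is disabled (Apache returns 403).
SAMPLE_FORBIDDEN = """<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head><title>403 Forbidden</title></head>
<body><h1>Forbidden</h1><p>You don't have permission to access this resource.</p></body></html>"""


class _LinkCollector(HTMLParser):
    """Collects href values from a page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def is_directory_listing(body: str) -> bool:
    """Heuristic: mod_autoindex titles the page 'Index of /<path>' and links the parent."""
    has_title = re.search(r"<title>\s*Index of /", body, re.IGNORECASE) is not None
    has_parent = "Parent Directory" in body or 'href="../"' in body
    return has_title and has_parent


def listed_entries(body: str) -> list:
    """Return the relative entries listed, dropping sort links and the parent link."""
    collector = _LinkCollector()
    collector.feed(body)
    # Autoindex entries are relative names; sort links start with '?' and the
    # parent link is an absolute path, so both are skipped.
    return [h for h in collector.hrefs if not h.startswith(("?", "/", "../"))]


def sensitive_entries(body: str) -> list:
    """Entries whose suffix suggests a backup, dump or export."""
    return [e for e in listed_entries(body) if e.lower().endswith(SENSITIVE_SUFFIXES)]


def htaccess_disables_indexes(htaccess: str) -> bool:
    """True if the fragment leaves Indexes off.

    Simplified model (assumption): one context, later Options lines override
    earlier ones.  Apache treats an Options line as absolute when no token has a
    +/- prefix (the list replaces the whole set) and as relative otherwise.
    The starting state is pessimistic: the inherited config may have Indexes on.
    """
    indexes_off = False
    for raw in htaccess.splitlines():
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if not parts or parts[0].lower() != "options":
            continue
        tokens = [t.lower() for t in parts[1:]]
        if any(t[0] in "+-" for t in tokens):
            if "-indexes" in tokens:
                indexes_off = True
            elif "+indexes" in tokens:
                indexes_off = False
        else:
            indexes_off = "indexes" not in tokens and "all" not in tokens
    return indexes_off


if __name__ == "__main__":
    for label, body in (("listing", SAMPLE_LISTING), ("forbidden", SAMPLE_FORBIDDEN)):
        print(label, "is listing:", is_directory_listing(body), "sensitive:", sensitive_entries(body))
    print("fix present:", htaccess_disables_indexes("Options -Indexes\n"))
```

Running the script reports the constructed listing as exposed with vouchers-2018.csv and db-backup.sql.gz flagged, the 403 page as clean, and the one-line fix as effective. The Options check deliberately treats a commented-out line or a later "Options +Indexes" as leaving the directory exposed, which is the case worth catching in a config review.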


TIMELINE:


  • Report sent: 26 March 2018
  • Bug fixed: 28 March 2018
  • Disclosure allowed: 3 April 2018

