Directory Indexing
Directory indexing allows anyone to browse the folder and access files that may contain sensitive information or vulnerable code.
I've found a public IP address related to the vitbhopal.online domain which does not restrict access to resources such as source code, student data, hostel data, etc.
db.sql contains personal data related to students, faculty and hostel staff.
intranet.tar.gz contains the entire source code for the vitbhopal.online portal.
Other files may contain more information about the university itself. It is also highly likely that more web servers for domain names under VIT-B are exposed with this issue.
To Reproduce
You can use censys.io or any other preferred tool to search for hosts under domain names.
Expected behavior
You should not be able to see the directory listing.
Screenshots
Solution
It is best practice to disable directory indexing on web servers so a potential attacker cannot gain direct access to any files or folders other than those necessary for the website to function properly.
CWE-548: Exposure of Information Through Directory Listing
https://cwe.mitre.org/data/definitions/548.html
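As an added example that is not part of the original report, the Python below shows how an administrator can audit an Apache configuration for the setting behind this issue (the `Indexes` option) and verify, on a saved response body from their own server, whether a page is still an auto-generated listing. The configuration snippets and HTML fragments are constructed samples; the config check is deliberately simplified (it applies `Options` directives in order, last one wins, and ignores `<Directory>` scoping), and the fix it expects is `Options -Indexes` for Apache or `autoindex off;` for nginx.

```python
import re

# Constructed sample: the weak setting (directory listing on) beside the corrected one.
VULNERABLE_CONF = """
<Directory /var/www/html>
    Options Indexes FollowSymLinks   # listing enabled
    AllowOverride None
</Directory>
"""

FIXED_CONF = """
<Directory /var/www/html>
    Options Indexes FollowSymLinks
    Options -Indexes                 # later directive removes listing
    AllowOverride None
</Directory>
"""

# Constructed sample response bodies: an auto-index page and a normal page.
SAMPLE_LISTING = """<html><head><title>Index of /backup</title></head>
<body><h1>Index of /backup</h1>
<a href="../">Parent Directory</a>
<a href="db.sql">db.sql</a>
<a href="intranet.tar.gz">intranet.tar.gz</a>
</body></html>"""

SAMPLE_PAGE = """<html><head><title>Student Portal</title></head>
<body><h1>Welcome</h1></body></html>"""


def apache_indexes_enabled(config_text: str):
    """Return True if directory listing ends up enabled, False if disabled,
    None if the text contains no Options directive at all.

    Simplified model (assumption): directives are applied top to bottom and
    the last one wins; absolute forms ('Options Indexes ...') replace the
    whole option set, relative forms ('Options -Indexes') adjust it.
    """
    state = None
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line.lower().startswith("options"):
            continue
        tokens = line.split()[1:]
        if not tokens:
            continue
        relative = all(t[0] in "+-" for t in tokens)
        if not relative:
            # Absolute form: Indexes is on only if listed explicitly or via All.
            state = any(t.lower() in ("indexes", "all") for t in tokens)
        else:
            for t in tokens:
                if t[1:].lower() in ("indexes", "all"):
                    state = t[0] == "+"
    return state


def looks_like_directory_listing(html: str) -> bool:
    """Heuristic: Apache and nginx auto-index pages both title the page
    'Index of /<path>'; a real page on the site should not."""
    return re.search(r"<title>\s*Index of /", html, re.IGNORECASE) is not None


if __name__ == "__main__":
    print("vulnerable conf enables listing:", apache_indexes_enabled(VULNERABLE_CONF))
    print("fixed conf enables listing:     ", apache_indexes_enabled(FIXED_CONF))
    print("sample listing detected:        ", looks_like_directory_listing(SAMPLE_LISTING))
    print("normal page detected:           ", looks_like_directory_listing(SAMPLE_PAGE))
```

Run the config check against the real vhost files after applying the fix, and the response check against a saved copy of a directory URL on the server being remediated; both should report False once `Options -Indexes` (or `autoindex off;` on nginx) is in effect and the server has been reloaded.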