Information Exposure Through Directory Listing in https://ftp.mozilla.org/
Categories
(Websites :: Other, task)
Tracking
(Not tracked)
People
(Reporter: thisboycanhacktoo, Unassigned)
References
(Blocks 1 open bug)
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [web-bounty-form] [verif?])
Hello MOZILLA Security team,
I'm Aniket Shrungare
VULNERABILITY: Information Exposure Through Directory Listing
Vulnerable url:
https://ftp.mozilla.org/pub/
Vulnerability description:
The web server is configured to display the list of files contained in this directory. This is not recommended because the directory may contain files that are not normally exposed through links on the web site.
The impact of this vulnerability:
A user can view a list of all files from this directory possibly exposing sensitive information.
How to fix this vulnerability:
You should make sure the directory does not contain sensitive information or you may want to restrict directory listings from the web server configuration.
NOTE: SCREENSHOTS OF POC ARE ATTACHED BELOW !!
Regards,
Aniket Shrungare
Comment 1•2 years ago
The /pub/ directory on the FTP server is meant to be public (pub is short for public). Directory listing is desired.
Thank you for the report though, because as you say, in other instances, if this were unintentional, it could reveal sensitive information.
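The distinction drawn in this thread, that a directory listing is a finding only where it is not intended, can be expressed as an audit check. This is an added example, not part of the bug report or Mozilla's code; the marker patterns, the use of `/pub/` as an allowlist entry, and the sample responses on `files.example.test` are constructed assumptions.

```python
import posixpath
import re
from urllib.parse import urlsplit

# Prefixes where a listing is intentional. "/pub/" is from the thread;
# treating it as an allowlist entry is this example's assumption.
INTENDED_PUBLIC = ("/pub/",)

# Signatures of auto-generated index pages (Apache/nginx autoindex,
# Python http.server, IIS directory browsing).
LISTING_MARKERS = [
    re.compile(r"<(title|h1)>\s*Index of /", re.I),
    re.compile(r"<title>\s*Directory listing for /", re.I),
    re.compile(r"\[To Parent Directory\]", re.I),
]

def classify(url, status, body):
    """Return 'no-listing', 'intended' or 'review' for one HTTP response."""
    if status != 200 or not any(m.search(body) for m in LISTING_MARKERS):
        return "no-listing"
    # Normalise so "/pub/../private/" is not matched as being under /pub/.
    path = posixpath.normpath(urlsplit(url).path or "/") + "/"
    if any(path.startswith(prefix) for prefix in INTENDED_PUBLIC):
        return "intended"
    return "review"

def audit(responses):
    """Map each URL to its classification."""
    return {url: classify(url, status, body) for url, status, body in responses}

# Constructed sample responses (hypothetical host, not captured traffic).
BASE = "https://files.example.test"
SAMPLES = [
    (BASE + "/pub/", 200, "<title>Index of /pub/</title><h1>Index of /pub/</h1>"),
    (BASE + "/backup/", 200, "<title>Index of /backup</title><a href='db.sql.gz'>"),
    (BASE + "/public-old/", 200, "<title>Directory listing for /public-old/</title>"),
    (BASE + "/pub/../private/", 200, "<h1>Index of /private/</h1>"),
    (BASE + "/docs/", 200, "<title>Docs</title><p>See the Index of /pub/ page</p>"),
    (BASE + "/secret/", 403, "<title>403 Forbidden</title>"),
]

if __name__ == "__main__":
    for url, verdict in audit(SAMPLES).items():
        print(f"{verdict:10} {url}")
```

Only the `review` results need a decision: either the directory is added to the intended list deliberately, or listing is turned off for it in the web server configuration.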