Medium Severity
🟡 Directory Listing Enabled
🧠 Description
Directory listing is enabled on the web server, allowing attackers to view the contents of directories that don't have an index file. This exposes sensitive files, backup files, and application structure.
Impact: Sensitive File Disclosure, Source Code Exposure, Backup Discovery
🎯 Attack Surface
- Any directory without index.html/index.php
- /uploads/, /images/, /assets/
- /backup/, /logs/, /config/
- /docs/, /admin/, /api/
🛡️ Mitigation
✅ Disable directory listing in web server config
✅ Place index.html in all directories
✅ Use .htaccess to disable Options Indexes
✅ Restrict access to sensitive directories
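
To check the first three mitigations on a deployed tree, the added example below (not part of the original finding) walks a web root and reports every directory that has no index file while listing is still in effect, following Apache's rule that .htaccess Options are inherited by subdirectories. It assumes Apache with AllowOverride permitting Options, treats only index.html and index.php as index files, and uses hypothetical names (find_listable_dirs, indexes_state, build_sample_tree) and a constructed sample tree.

```python
import os
import re
import tempfile
from pathlib import Path

INDEX_FILES = ("index.html", "index.php")  # index names from the attack-surface list
OPTIONS_RE = re.compile(r"^[ \t]*Options[ \t]+(\S.*)$", re.IGNORECASE | re.MULTILINE)

def indexes_state(dirpath, inherited):
    """Apply Options directives in dirpath/.htaccess to the inherited Indexes state."""
    path = Path(dirpath, ".htaccess")
    text = path.read_text(encoding="utf-8", errors="replace") if path.is_file() else ""
    state = inherited
    for args in OPTIONS_RE.findall(text):
        tokens = args.lower().split()
        if {"+indexes", "indexes", "all"} & set(tokens):
            state = True
        elif "-indexes" in tokens or not any(t[0] in "+-" for t in tokens):
            state = False  # removed, or an absolute list without Indexes replaced it
    return state

def find_listable_dirs(webroot, server_default=True):
    """Return directories (relative to webroot) with listing on and no index file."""
    state, exposed = {}, []
    # os.walk is top-down, so a parent's state is known before its children are visited
    for dirpath, _dirs, files in os.walk(os.path.abspath(webroot)):
        parent = state.get(os.path.dirname(dirpath), server_default)
        state[dirpath] = indexes_state(dirpath, parent)
        if state[dirpath] and not any(name in files for name in INDEX_FILES):
            exposed.append(os.path.relpath(dirpath, webroot))
    return sorted(exposed)

def build_sample_tree(root):
    """Write a constructed sample web root; every name and content is made up."""
    layout = {
        "index.html": "home",
        "uploads/report.pdf": "x",              # no index file, listing inherited
        "images/index.html": "",                # covered by an index file
        "backup/.htaccess": "Options -Indexes\n",
        "backup/old/site.tar.gz": "x",          # inherits -Indexes from backup/
        "logs/access.log": "x",                 # no index file
    }
    for rel, content in layout.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(find_listable_dirs(tmp))
```

Pass server_default=False when the server configuration already disables listing globally, so that only directories re-enabling it through .htaccess are reported.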