We covered Directory Browsing and Spidering by using and solving Challenge 001 in OWASP Hackademic free lab.

Directory Browsing & Listing

An attacker can simply browse all the files inside the impacted folders when there is a directory listing vulnerability, which occurs when the website displays the contents of its directories. This frequently results in the public exposure of sensitive items, including internal reports, logs, backups, and even the application’s source code.

Similar to a shared folder or FTP server, directory listing is a webserver function that can assist users in browsing a website’s content. Although this functionality can be enabled for valid reasons, it is more often accidentally enabled because it is the default web server configuration. To make sure that no directories, current or future, are exposed, you want to think about turning it off for the entire program.

Get OSCP Certificate Notes

The Complete Practical Web Application Penetration Testing Course

Video Walkthrough

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles