How I found 40+ Directory Listing Vulnerabilities of Source Code Disclosure via Exposed WordPress Folders using Google Dorks
I have found 40+ Directory Listing vulnerabilities that disclose source code via exposed WordPress folders (/wp-admin and others) just by using the Google Dorks shown below 👇
Google Dorks:
- Index:Index of /wp-admin
- Index:Index of /wp-content/uploads
On some websites, confidential info such as database usernames/passwords and other configuration data is exposed directly to public view. For example, we can find database credentials in the “wp-config.php” file of a website as shown below
Precautions and Recommendations:
1. The application should have proper permissions on sensitive directories and content.
2. To fix this vulnerability, either remove “/wp-content/uploads/” or any other folder that contains confidential info from your web server, or deny public access to the “/wp-content/uploads/” folders on your server.
3. Please follow the below reference articles to understand the issue in detail and fix it.
References:
- https://secure.wphackedhelp.com/blog/wp-content-uploads/
- https://www.acunetix.com/blog/articles/directory-listing-information-disclosure/
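The recommendations above can be checked on your own server by auditing the WordPress document root from the filesystem side. This is an added example, not code from the original post; it assumes Apache-style .htaccess handling, and the names audit and indexes_disabled are hypothetical.

```python
import os
import stat
import sys

INDEX_FILES = {"index.php", "index.html", "index.htm"}
WP_DIRS = ("wp-admin", "wp-includes", "wp-content")


def indexes_disabled(directory, docroot):
    """True if directory or an ancestor up to docroot has an .htaccess with
    "-Indexes". Assumption: Apache honours .htaccess; a nearer "+Indexes"
    override is not modelled."""
    current, docroot = os.path.abspath(directory), os.path.abspath(docroot)
    while True:
        htaccess = os.path.join(current, ".htaccess")
        if os.path.isfile(htaccess):
            with open(htaccess, encoding="utf-8", errors="replace") as fh:
                for line in fh:
                    if "-Indexes" in line and not line.lstrip().startswith("#"):
                        return True
        parent = os.path.dirname(current)
        if current == docroot or parent == current:
            return False
        current = parent


def audit(docroot):
    """Return sorted (finding, relative_path) tuples for a WordPress docroot."""
    findings = []
    # A folder with no index file is rendered as a file listing whenever the
    # web server has auto-indexing switched on.
    for top in WP_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(docroot, top)):
            if not INDEX_FILES & set(files) and not indexes_disabled(dirpath, docroot):
                findings.append(("listable", os.path.relpath(dirpath, docroot)))
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, docroot)
            if name.startswith("wp-config") and not name.endswith(".php"):
                # e.g. a .bak copy: typically not run by PHP, so sent as plain text
                findings.append(("config-copy", rel))
            elif name == "wp-config.php" and os.stat(path).st_mode & stat.S_IROTH:
                findings.append(("world-readable", rel))
    return sorted(findings)


if __name__ == "__main__":
    for kind, rel in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{kind:15} {rel}")
```

Run it with the document root as the only argument; an empty result means every WordPress folder either has an index file or is covered by a "-Indexes" rule, and no readable copy of the config file was found.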
Thank you guys for Reading this Post — Happy Hunting 🐞
Resources: Google
Follow me: Satya Prakash | LinkedIn | Twitter