Cobalt Crowdsourced Application PentestCobalt Crowdsourced Application PentestCobalt Crowdsourced Application Pentest

Cobalt Vulnerability Wiki


V4 - Access Control

Directory Listing Enabled

POC

  • Use a directory listing tool such as dirsearch
  • Look for common directories with the following command:
  • dirsearch -e all -t 5 -u
  • For one directories, observe that directory listing is enabled which leads to information disclosure.

Impact

Low-Medium

Likelihood

Low