file-disable-directory-listing: Disable Apache2 Directory Listing

漏洞描述

Directory listing should be disabled to prevent unauthorized users from browsing server directories.

PoC代码[已公开]

id: file-disable-directory-listing

info:
  name: Disable Apache2 Directory Listing
  author: pussycat0x
  severity: medium
  description: |
    Directory listing should be disabled to prevent unauthorized users from browsing server directories.
  remediation: |
    Add 'Options -Indexes' in the Apache configuration file or .htaccess file.
  reference:
    - https://httpd.apache.org/docs/2.4/mod/core.html#options
  metadata:
    verified: true
  tags: audit,config,file,apache,hardening

file:
  - extensions:
      - conf

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "<Directory"
          - "<FilesMatch"
        condition: and

      - type: word
        words:
          - "Options Indexes"
        negative: true
# digest: 4b0a00483046022100f3a0ad6c0011cad86d6c5bbcf4f760c8549ea3f15e76c9ecea439817c3d1547f022100916db4313d7dba5b213350d4157b3b68f6db04f808f59271c57c8ae09531f18a:922c64590222798bb761d5b6d8e72950

来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./file/audit/apache/file-disable-directory-listing.yaml