glpi-directory-listing: GLPI Directory Listing

日期: 2025-08-01 | 影响软件: glpi-directory-listing | POC: 已公开

漏洞描述

In certain cases, system administrators leave directory listing enabled which can sometimes expose sensitive files.

PoC代码[已公开]

id: glpi-directory-listing

info:
  name: GLPI Directory Listing
  author: RedTeamBrasil,ImNightmaree
  severity: low
  description: In certain cases, system administrators leave directory listing enabled which can sometimes expose sensitive files.
  metadata:
    max-request: 2
  tags: glpi,misconfig,vuln

http:
  - raw:
      - |
        GET {{expose_data}} HTTP/1.1
        Host: {{Hostname}}

    payloads:
      expose_data:
        - /glpi/files/
        - /glpi/

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Index of /glpi/"

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100a2ac6e429c77c19d25ad9cbef7962fd179cf1719ee7b83bca638af050b7a81470221008670d790f7f710452639625c2718da10742c76289268ac3e3708d096d732fbb9:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/glpi-directory-listing.yaml