Vulnerability Description
Detects directory listing enabled on the TYPO3 temp directory. The typo3temp folder contains cached files, compiled assets, and temporary data that may reveal sensitive information about the application structure and configuration.
id: typo3-directory-listing

info:
  name: Typo3 Directory Listing
  author: theamanrawat
  severity: low
  description: |
    Detects directory listing enabled on the TYPO3 temp directory. The typo3temp folder contains cached files, compiled assets, and temporary data that may reveal sensitive information about the application structure and configuration.
  reference:
    - https://docs.typo3.org/m/typo3/reference-coreapi/main/en-us/ExtensionArchitecture/FileStructure/Index.html
  metadata:
    shodan-query: http.component:"typo3"
  tags: typo3,directory-listing,exposure

# Both requests must match for the template to report a finding.
flow: http(1) && http(2)

http:
  # Request 1: internal pre-check. Passes only when the site root is not
  # itself served as a directory index, so generic open-index hosts are skipped.
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - '!contains_all(body, "Index of /", "PARENTDIR")'
        internal: true

  # Request 2: fetch /typo3temp/ and require a 200 response whose body
  # contains all three directory-index strings.
  - method: GET
    path:
      - "{{BaseURL}}/typo3temp/"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - "Index of /typo3temp"
          - "Last modified"
          - "Parent Directory"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022061afdf86ebf3d3cf1ffff6c64ae1bbe4ae8172221e39222f5a05841135bda8510221008e181913ad2d1eaaaa6336c939a5670c87ea3e584ebaf85aeb6685f6195dd336:922c64590222798bb761d5b6d8e72950