Vulnerability Report from Asif Khan on 2021-05-03 (public-security-disclosure@w3.org from May 2021)

From: Asif Khan <lava232104@gmail.com>
Date: Mon, 3 May 2021 12:22:26 +0530
To: public-security-disclosure@w3.org
Message-ID: <CAKujmuYe5UF=58wugP0cB9jLvTu6JUbREycKeZ6n0bW7pYgTBg@mail.gmail.com>

Hello team,


I have found  source code disclosure bug in your site,Through Directory
listing.


Vulnerability -  Source code disclosure through Directory Listing


Vulnerability URL - http://itikannur.kerala.gov.in/content/


Vulnerability severity - Critical


Description: Exposing the contents of a directory can lead to an attacker
gaining access to source code or providing useful information for the
attacker to devise exploits, such as creation times of files or any
information that may be encoded in file names. The directory listing may
also compromise private or confidential data.


Steps to reproduce: Open this link --
https://www.w3.org/config/



Impact -  It can lead to an attacker gaining access to source code or
providing useful information for the attacker to devise exploits, such as
creation times of files or any information that may be encoded in file
names. The directory listing may also compromise private or confidential
data.


Poc Attached

Attachments

image/png attachment: poc_1.png
image/png attachment: poc_2.png
image/png attachment: poc_3.png

Received on Monday, 3 May 2021 13:40:33 UTC