By kannthu
The "AMPPS by Softaculous Panel - Directory Listing - Detect" module is designed to detect directory listing misconfigurations in websites that use the AMPPS control panel by Softaculous. AMPPS is a software stack that provides a local web development environment. This module helps identify instances where the directory listing feature is enabled, potentially exposing sensitive information to unauthorized users.
This module has an informative severity level, meaning it provides valuable information about the misconfiguration but does not pose an immediate security risk.
This module was authored by deFr0ggy.
If the directory listing feature is misconfigured and enabled, it can allow anyone to view the contents of directories on the website. This can potentially expose sensitive files, such as configuration files, source code, or other confidential information. It is important to properly configure directory listing settings to prevent unauthorized access to these files.
The module works by sending HTTP requests to specific paths on the target website, such as "/client/", "/files/", and "/icons/". It then applies matching conditions to the responses received to determine if the directory listing feature is enabled.
The matching conditions used by this module are:
- The response body must contain the following words: "<title>[AMPPS] - Web Local</title>" and "Powered by AMPPS".
- The HTTP response status code must be 200 (OK).
If both conditions are met, the module considers the directory listing feature to be enabled and reports the vulnerability.
Here is an example of an HTTP request sent by this module:
GET /client/ HTTP/1.1
Host: example.com
It is important to note that this module does not make any changes to the target website. It only detects the presence of a misconfiguration and reports it for further action.
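The two matching conditions described above can be reproduced to audit an AMPPS install you administer. This is an added example, not the module's own code: the `fetch` helper, the case-sensitive substring matching, and the sample responses are assumptions made for illustration.

```python
import http.client

# Paths and matcher words exactly as listed in the module description.
PATHS = ("/client/", "/files/", "/icons/")
REQUIRED_WORDS = ("<title>[AMPPS] - Web Local</title>", "Powered by AMPPS")


def matches(status, body):
    """Both conditions must hold: status 200 AND every required word in the body.
    Case-sensitive substring matching is an assumption of this example."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def evaluate(responses):
    """Given {path: (status, body)}, return {path: bool}; unanswered paths are False."""
    return {p: (matches(*responses[p]) if p in responses else False) for p in PATHS}


def fetch(host, port=80, timeout=5):
    """Hypothetical helper: GET each path on a host you administer.
    Returns {path: (status, body)}; unreachable paths are left out."""
    out = {}
    for path in PATHS:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            conn.request("GET", path)
            resp = conn.getresponse()
            out[path] = (resp.status, resp.read().decode("utf-8", "replace"))
        except (OSError, http.client.HTTPException):
            pass
        finally:
            conn.close()
    return out


# Constructed sample responses (not captured from a real server).
SAMPLE = {
    "/client/": (200, "<html><head><title>[AMPPS] - Web Local</title></head>"
                      "<body>Index of /client/<p>Powered by AMPPS</p></body></html>"),
    "/files/": (403, "<title>[AMPPS] - Web Local</title> Powered by AMPPS"),
    "/icons/": (200, "<title>Index of /icons</title>"),
}

if __name__ == "__main__":
    for path, hit in evaluate(SAMPLE).items():
        print(f"{path:10} {'MATCH' if hit else 'no match'}")
```

The `/files/` sample shows why the status check matters: a 403 page can carry both strings and still not be a listing. To check a live install, pass the output of `fetch("localhost")` to `evaluate`.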