Directory listing

Last updated on December 23rd, 2020 by Radostin Angelov. Filed under

Directory listing is a web server function in which the web server returns a listing of all the files and directory in a directory if there is no index file, such as index.php or index.html. Example; if a visitor requests https://www.wpwhitesecurity.com/wp-content/ and there is no index file, the visitor will be able to see a list of all the files and directories in that directory. The screenshot below is an example:

Directory listing

Directory listing per se is not a vulnerability. However, it leads to information disclosure. If not restricted attackers can use it to gain knowledge about the target and learn what system it is running etc. thus helping them craft an attack against that website. Therefore it is always recommended to disable directory listing on web servers.

Our other plugins