WordPress Directory Listing : The Story of Cloakfusion Bug

Thursday, January 28, 2016 By Jitendra 0 comments






Hi Followers

 Due to the workload cant able to update the website but I am back with my work again 

The Story

So this is a story of a very minor bug which most webmasters forgot to patch this is about the directory listing vulnerability in the WordPrets and they think that they patched it.

But still the danger exists there are three folders in the WordPress main directory they are
  • wp-admin
  • wp-content
  • wp-includes
what they actually do they only deny the access to these three directory but they forget that these directory also contains some other folders so to secure the website they should have to revoke the access to all of the folders of these three folders.


The Bug

The bug exists here
during browsing www.cloakfusion.com i found that it is a WordPress based website to first I tried some simple things like accessing the readme.html file but it was protected and the three directory is protected as well but after that I browsed the folder which are inside these three folders
Then I tried

https://www.cloakfusion.com/wp-content/uploads 
and yes I can browse it 
I also tried 
https://www.cloakfusion.com/wp-includes/

and it was also not protected
here are the screenshots of both



So this has to be patched by modifying the .htaccess file and deny the access to these folders

So tuned more is coming soon


Thank You
Jitendra Santram Singh (Team Computer Korner ) 



Feel Free To Leave A Comment If Our Article has Helped You, Support Us By Making A Small Contribution, Thank You!

About the Author

Written by CK Admins

Computer Korner is an open knowledge sharing site, where the we try to share our experience with IT, Security, Networking, System Administration tasks faced in day to day life. Articles from visitors are highly appreciated. Contact Us at : Click Here


0 comments:

Subscribe to: Post Comments (Atom)