Shulou(Shulou.com)06/01 Report--

The directory browsing vulnerability is mainly due to improper configuration, when there is no index file in a certain directory (or the directory browsing function is turned on manually), all the files in the current directory and related lower-level directories are displayed on the page one by one. Through this vulnerability, the file directory structure on the server can be obtained, and sensitive files (data files, database files, source code files, etc.) can be downloaded.

For windows, just go to the IIS Manager, select the corresponding website, then double-click "Directory Browse" in the IIS item in the function view, and then click "disable" where you do it! You can also find the web.config file in the website directory, and set the

Change the true in to false!

For linux, find the relevant configuration file and set the

Options Indexs FollowSymLinks

Delete Indexs in, some can also be added in front of Index -, it is recommended to delete!

Alternatively, you can create an empty index.html page in each directory to fix it, but recommend the above method to solve it!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.