Vulnerability
Description
Nginx is one of the most commonly used web servers. We can scan for misconfigurations and security vulnerabilities in Nginx. With the Off-by-slash misconfiguration, it is possible to traverse one step up the path due to a missing slash it is possible to read the source code of the web application. The web server responded with a list of files located in the target directory. An attacker can see the files located in the directory and could potentially access files which disclose sensitive information.
Mitigation measures
- Change your nginx.conf file. A secure configuration for the requested directory similar to the following:
location /{YOUR DIRECTORY} {
autoindex off;
}
Configure the web server to disallow directory listing requests.
Ensure that the latest security patches have been applied to the web server and the current stable version of the software is in use.
Written by
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days
