http://dx.doi.org/10.14400/JDC.2014.12.10.259

Vulnerability of Directory List and Countermeasures  

Hong, Sunghyuck (Division of Information and Communication, Baekseok University)
Publication Information
Journal of Digital Convergence, v.12, no.10, 2014, pp. 259-264
Abstract
When a web server is configured to display the list of files contained in a directory, visitors can browse that directory's contents. This is not recommended because the directory may contain files that are not normally exposed through links on the web site. Directory listing is a serious vulnerability because it shows internal files and directories to outside attackers. This paper therefore presents a countermeasure for directory listing that prevents valuable information from being exposed unnecessarily to outside attackers.
Keywords
Directory listings; web server; IIS; Apache; vulnerabilities; Google Search