What's your definition of vulnerability?

Question

What's your definition of vulnerability?

filerun opened this issue 6 years ago · 3 comments

You're browsing FileRun applications folders that are supposed to be publicly accessible for the browsers to load web resources from them. Listing their contents... So what?

Answer 1 · 2019-06-20T07:14:33.000Z

This is not recommended because the directory may contain files that are not normally exposed through links on the web site.

Answer 2 · 2019-06-20T12:15:44.000Z

No they may not. Unless somebody puts them there. And then, why would somebody put files inside "public_html"/"www" if they didn't want them to be public?!
While we appreciate a useful vulnerability finding, you seem to have posted this just to make you look helpful. Otherwise there is absolutely no point in having a GitHub project describing.. well.. nothing.

P.S. You should report Apache, IIS, Nginx, etc. as having the vulnerability of listing directories and providing access to resources :)

Answer 3 · 2019-06-20T13:51:21.000Z

You should learn what directory listing is. It is not about putting something in public folder.

P.S. Your project has two more 0-day vulnerabilities, 1. SQL Injection, 2. Directory Traversal :))