Directory Browsing Vulnerability | Directory Listing / Traversal Attack | How To | Demo [Screenshots] | Mutillidae

As a web application penetration tester, when you find directory browsing enabled on a web server, you include it in your report, but you know subsequent exploitation might be a long shot depending on what information is actually exposed.

The main threat lies in the fact that the attacker can view all the files present on the web directory. This might include PHP files (or files in other web languages). If the attacker is dedicated enough, he will read these PHP codes to figure out a way to circumvent security.

Directory Browsing Vulnerability in Mutillidae

An attacker can review the code behind these PHP scripts to find potential weaknesses