Directory Listing
TaintedPort
Vuln ID: TP-013
Title: Directory Listing
Severity: low
Type: Information Disclosure
HTTP Method: GET
URL: /files/
Parameter: -
Filename: -
Code Location: docker/nginx.conf lines 47 and 79
Description
Nginx is configured with autoindex enabled on /files/, exposing all PHP source code, the SQLite database file, and configuration files including the JWT secret.
Proof of Concept
Browse to /files/ to see the directory listing.
Remediation
Remove the autoindex directive or set it to off.
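A way to verify the remediation, as an added example that is not part of TaintedPort: the Python below walks an nginx configuration and lists every location block whose effective autoindex value is on, including a value inherited from the enclosing server block. The sample configuration, the /downloads/ and /api/ paths and the function names are constructed for illustration, and the parser is simplified (no quoted braces, no include files).

```python
import re

# Constructed sample for illustration; this is not the project's docker/nginx.conf.
SAMPLE_CONF = """
server {
    listen 80;
    location / { try_files $uri /index.php; }
    location /files/ { alias /var/www/html/; autoindex on; }
}
server {
    listen 8080;
    autoindex on;                      # inherited by locations below
    location /downloads/ { root /srv; }
    location /api/ { autoindex off; }
}
"""

def parse_blocks(conf):
    """Parse nginx config text into a tree of blocks, recording autoindex per block."""
    conf = re.sub(r"#[^\n]*", "", conf)            # drop comments
    root = {"header": "main", "autoindex": None, "children": []}
    stack, words = [root], []
    for tok in re.findall(r"[{};]|[^\s{};]+", conf):
        if tok == "{":                              # words so far are the block header
            block = {"header": " ".join(words), "autoindex": None, "children": []}
            stack[-1]["children"].append(block)
            stack.append(block)
        elif tok == "}":
            if len(stack) > 1:                      # tolerate a stray closing brace
                stack.pop()
        elif tok == ";":                            # end of a simple directive
            if len(words) == 2 and words[0] == "autoindex":
                stack[-1]["autoindex"] = words[1].lower()
        else:
            words.append(tok)
            continue
        words = []
    return root

def exposed_locations(conf):
    """Return headers of location blocks whose effective autoindex is 'on'."""
    found = []
    def walk(block, inherited):
        effective = block["autoindex"] or inherited  # own setting wins over parent
        if block["header"].startswith("location") and effective == "on":
            found.append(block["header"])
        for child in block["children"]:
            walk(child, effective)
    walk(parse_blocks(conf), "off")                  # nginx default is off
    return found
```

Run against the deployed configuration, an empty result from exposed_locations() confirms that no location serves a directory listing, whether the directive was removed or set to off.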