Description: A directory listing vulnerability in Customer Support System v1 allows attackers to list directories and sensitive files within the application without requiring authentication/authorization.
Vulnerable Product Version: Customer Support System 1.0
CVE Author: Geraldo Alcântara
Date: 28/11/2023
Confirmed on: 19/12/2023
CVE: CVE-2023-49545
Tested on: Windows
- Navigate to URL: http://{IP}/customer_support/database/ or http://{IP}/customer_support/assets/. I found out that many important files of application can be accessed directly from this directory listing.
Accessing the directory /database/
Accessing the directory /assets/
Discoverer(s)/Credits:
Geraldo Alcântara