Family: CGI abuses --> Category: infos
Sitemap.xml File and Directory Enumeration Vulnerability Scan
Vulnerability Scan Summary: Checks for a web server's sitemap.xml
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a 'sitemap.xml' file.
Description :
The Sitemap Protocol allows you to inform search engines about URLs on
your websites that are available for crawling. In its simplest form,
a Sitemap is an XML file that lists URLs for a site.
It has been discovered that many site owners are not building their
Sitemaps through spidering, but by scripted runs on their web root
directory structures. If this is the case, an attacker may be able to
use sitemaps to enumerate all files and directories in the
web server root.
See also :
http://www.quietmove.com/blog/google-sitemap-directory-enumeration-0day/
https://www.google.com/webmasters/sitemaps/docs/en/protocol.html
Solution :
Site owners should be wary of automatically generating sitemap.xml
files, and admins should review the contents of their sitemap.xml file
for sensitive material.
Threat Level:
None
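
One way to carry out the review described under Solution, as an added example that is not part of the original plugin text: a Python script that parses a sitemap.xml and flags entries that look like the output of a directory walk rather than of spidering. The sample sitemap, the example.com URLs and the rule patterns are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the kind of sitemap a script walking the web root might emit.
SAMPLE_SITEMAP = """<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://www.example.com/</loc></url>
  <url><loc>https://www.example.com/products/index.html</loc></url>
  <url><loc>https://www.example.com/admin/login.php</loc></url>
  <url><loc>https://www.example.com/backup/site-2009.tar.gz</loc></url>
  <url><loc>https://www.example.com/includes/db.inc</loc></url>
  <url><loc>https://www.example.com/.svn/entries</loc></url>
</urlset>"""

# Assumed review rules; tune them to what your own site must never advertise.
RULES = [
    ("backup or archive file", re.compile(r"\.(bak|old|orig|sql|zip|tar|tgz|gz|7z)$", re.I)),
    ("config or include file", re.compile(r"\.(inc|ini|conf|cfg|env|log)$", re.I)),
    ("hidden file or VCS metadata", re.compile(r"(^|/)\.[^/]+")),
    ("administrative or private area",
     re.compile(r"(^|/)(admin|backup|private|internal|tmp|test)(/|$)", re.I)),
]

def audit_sitemap(xml_text):
    """Return (url, reason) pairs for every <loc> entry that matches a rule."""
    # Intended for your own sitemap file; do not feed untrusted XML to ElementTree.
    root = ET.fromstring(xml_text)
    findings = []
    for elem in root.iter():
        # Compare local names so any sitemap namespace version is accepted.
        if elem.tag.rsplit("}", 1)[-1] != "loc" or not elem.text:
            continue
        url = elem.text.strip()
        path = urlparse(url).path
        for reason, pattern in RULES:
            if pattern.search(path):
                findings.append((url, reason))
    return findings

if __name__ == "__main__":
    for url, reason in audit_sitemap(SAMPLE_SITEMAP):
        print(f"REVIEW  {url}  ({reason})")
```

Entries the script flags should either be removed from the generated Sitemap or, if they should not be reachable at all, removed from the web root.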