Misconfiguration | Private Program | 2026-01-05

CDN Directory Listing Information Disclosure

Severity: Medium | Status: Resolved

Summary

The CDN server hosting static assets had Directory Listing (autoindex) enabled, allowing external attackers to browse the entire file structure without authentication.

Vulnerability Details

The Nginx instance serving static content was configured with autoindex on, a setting intended for development environments only.

Server Configuration (Vulnerable)

server {
    listen 443 ssl;
    server_name cdn.target.com;
    
    location / {
        root /var/www/cdn;
        autoindex on;  # ← Vulnerability!
    }
}

Proof of Concept

Navigating to the CDN root revealed the entire directory structure:

https://cdn.target.com/

Index of /
───────────────────────────────────────
../
images/                    2025-02-10 12:30    -
video/                     2025-02-12 09:15    -
documents/                 2025-02-14 16:45    -
backup/                    2025-02-01 08:00    -

Exposed Content

Directory      Contents                      Risk
/images/       Nominee photos (unreleased)   Pre-release leak
/video/        Promo videos (upcoming)       Spoiler content
/documents/    Internal PDFs                 Sensitive info
/backup/       Old assets                    Historical data

Directory Browsing Example

/images/
├── nominees/
│   ├── 2025/
│   │   ├── revealed/
│   │   └── unrevealed/      ← Secret content!
│   │       ├── creator_x.jpg
│   │       └── creator_y.jpg

Impact

  • Exposure of pre-release promotional content
  • Nominees revealed before official announcement
  • Marketing campaigns spoiled
  • Competitive advantage lost

Remediation

# Fixed configuration
server {
    listen 443 ssl;
    server_name cdn.target.com;

    location / {
        root /var/www/cdn;
        autoindex off;  # Disable directory listing

        # Only serve specific file types: requests that match no nested
        # location fall through to the outer block and receive a 404
        location ~* \.(jpg|jpeg|png|gif|mp4|webm)$ {
            expires 30d;
            add_header Cache-Control "public";
        }
        return 404;
    }
}
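
As an added audit check (example code written for this write-up, not the vendor's or nginx's own tooling), the script below parses an nginx configuration with a small hypothetical block parser and reports every server or location context where autoindex is effectively on, including the case where the setting is inherited from an enclosing http or server block rather than set in the location itself. The sample configurations are constructed; the one named VULNERABLE mirrors the report's original server block.

```python
import re

# Constructed sample configs (hypothetical): the report's vulnerable and fixed
# shapes, plus one where autoindex is inherited from the enclosing http block.
VULNERABLE = "server { listen 443 ssl; server_name cdn.target.com; location / { root /var/www/cdn; autoindex on; } }"
FIXED = "server { server_name cdn.target.com; location / { root /var/www/cdn; autoindex off; location ~* \\.(jpg|mp4)$ { expires 30d; } } }"
INHERITED = "http { autoindex on; server { server_name static.example; location /assets/ { root /srv; } location /docs/ { autoindex off; } } }"

# Tokens, in priority order: comments, braces/semicolons, quoted strings, bare words.
TOKEN_RE = re.compile(r'#[^\n]*|[{};]|"[^"]*"|[^\s{};]+')

def parse_nginx(conf):
    """Minimal block parser (not nginx's own; 'include' is not expanded) returning
    a tree of {'name': block header, 'directives': {name: args}, 'children': []}."""
    tokens = [t for t in TOKEN_RE.findall(conf) if not t.startswith('#')]
    pos = 0
    def block(header):
        nonlocal pos
        node, args = {'name': header, 'directives': {}, 'children': []}, []
        while pos < len(tokens):
            tok, pos = tokens[pos], pos + 1
            if tok == '}':
                return node
            if tok == '{':                 # nested block; pending words are its header
                node['children'].append(block(' '.join(args)))
            elif tok == ';' and args:      # ';' ends a simple directive
                node['directives'][args[0]] = args[1:]
            args = [] if tok in '{;' else args + [tok]
        return node

    return block('main')

def listing_enabled_contexts(conf):
    """Server/location contexts where directory listing is effectively on: autoindex
    is inherited from http/server into locations unless overridden; default is off."""
    findings = []
    def walk(node, inherited, path):
        own = node['directives'].get('autoindex')
        effective = own[0] if own else inherited
        label = node['name']
        if label == 'server':          # name servers by server_name in the report
            label += ' ' + ' '.join(node['directives'].get('server_name', ['?']))
        here = path if label == 'main' else path + [label]
        if effective == 'on' and label.split(' ', 1)[0] in ('server', 'location'):
            findings.append(' > '.join(here))
        for child in node['children']:
            walk(child, effective, here)
    walk(parse_nginx(conf), 'off', [])
    return findings
```

Run it against the output of `nginx -T` before deploying a config change; an empty result for every server means no context serves a listing.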

Responsible Disclosure

This vulnerability was reported responsibly and fixed by the vendor before public disclosure.