Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System Directory Listing Vulnerability
Vulnerability
A file access vulnerability has been identified in Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System version 1.0. The issue arises from an unknown function that allows unauthorized access to files or directories. This vulnerability can be exploited remotely, without authentication, and affects multiple endpoints. The directory listing feature is not disabled, enabling attackers to view and download sensitive files, such as tokens, from directories lacking a default index file.
Impact
Exploitation of this vulnerability leads to unauthorized access to files and directories, potentially allowing the download of sensitive information.
Reproduction
The vulnerability can be reproduced by accessing a directory on the server that does not contain a default index file. The server's directory listing feature will reveal all files and subdirectories within that directory, creating an opportunity to download sensitive files.
Remediation
It is recommended to disable directory listing on the server. Additionally, implementing a firewall can help mitigate the vulnerability.
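As an added example (not part of the original advisory or the vendor's code), the following Python check classifies an HTTP response as an auto-generated directory listing and flags sensitive-looking entries, so the fix can be confirmed on your own server after directory listing is disabled. The marker strings are the default index-page text of common web servers; the SENSITIVE name patterns and both sample responses are constructed assumptions, since the advisory does not name the web server in use.

```python
import re
from html.parser import HTMLParser

# Default title/heading text emitted by common auto-index generators.
LISTING_MARKERS = {
    "apache/nginx": re.compile(r"<title>\s*Index of /", re.I),
    "iis": re.compile(r"\[To Parent Directory\]", re.I),
    "tomcat/python-http.server": re.compile(r"Directory Listing For", re.I),
}
# Hypothetical name patterns worth flagging; tune for your own application.
SENSITIVE = re.compile(r"(token|secret|passw|\.env$|\.bak$|\.sql$|\.key$|\.pem$)", re.I)


class _Hrefs(HTMLParser):
    """Collects the href of every <a> tag in the page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def audit_listing(status, body):
    """Return None if the response is not an auto-index page, else a report dict."""
    if status != 200:
        return None
    kind = next((k for k, rx in LISTING_MARKERS.items() if rx.search(body)), None)
    if kind is None:
        return None
    parser = _Hrefs()
    parser.feed(body)
    # Drop parent-directory links and Apache column-sort links ("?C=N;O=D").
    entries = [h for h in parser.hrefs if not h.startswith(("?", "../")) and h != "/"]
    return {"generator": kind, "entries": entries,
            "sensitive": [e for e in entries if SENSITIVE.search(e)]}


# Constructed sample responses (not captured from the affected product).
LISTING = ('<html><head><title>Index of /upload/</title></head><body>'
           '<h1>Index of /upload/</h1><hr><pre><a href="../">../</a>\n'
           '<a href="token.txt">token.txt</a>\n<a href="img/">img/</a>\n</pre></body></html>')
FIXED = "<html><head><title>403 Forbidden</title></head><body>403</body></html>"

if __name__ == "__main__":
    print(audit_listing(200, LISTING))   # report dict with token.txt flagged
    print(audit_listing(403, FIXED))     # None once listing is disabled
```

A `None` result for every directory that lacks an index file indicates the listing feature is no longer exposed.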
