id: glpi-directory-listing info: name: GLPI Directory Listing author: RedTeamBrasil,ImNightmaree severity: low description: In certain cases, system administrators leave directory listing enabled which can sometimes expose sensitive files. tags: glpi,misconfig metadata: max-request: 2 http: - raw: - | GET {{expose_data}} HTTP/1.1 Host: {{Hostname}} payloads: expose_data: - /glpi/files/ - /glpi/ matchers-condition: and matchers: - type: word part: body words: - "Index of /glpi/" - type: status status: - 200