"Target.com Exposed Internal Schemas via Public Directory Listing"

Ashish Rai

Security Researcher | CRTA | Bug Bounty Hunter | APCSIP 2025 | Hall of Fame: NASA, Apple, Philips, Thales, Unilever, OLX, BOAT, BASF India, Lenovo, Eccounil, Drexel University, U.S Department, U.S Federal, QNAP

🔍 Public Directory Listing Exposed on target.com

During routine reconnaissance, I discovered that the subdomain json-schema.target.com had an open directory listing enabled at the root path /. This exposed several internal schema folders such as:

  • /app/
  • /data-class/
  • /form/
  • /ivy/
  • /market/
  • /openapi/
  • /openrpc/
  • /process/
  • /variables/

🛡️ Security Risk: Public directory listing can unintentionally expose:

  • Internal project structures
  • Sensitive files or APIs
  • Development or staging assets
  • Unauthenticated access to schema blueprints

This misconfiguration could aid attackers in identifying further attack surfaces or performing targeted exploitation.

✅ I’ve responsibly disclosed this to the target.com security team to help them remediate the issue.

🔐 #CyberSecurity #BugBounty #EthicalHacking #DirectoryListing #InfoSec #Reconnaissance #WebSecurity #ResponsibleDisclosure #OSINT #CyberAwareness
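For teams auditing their own hosts for the misconfiguration described in the post, here is an added example (not the post author's code) that classifies a saved response body as an auto-generated index page and lists what it exposes. The sample bodies are constructed from the folder names in the post, and the `BLUEPRINT_HINTS` list and function names are assumptions.

```python
import re
from html.parser import HTMLParser

# Title/heading signature of auto-generated indexes: Apache mod_autoindex and
# nginx autoindex both emit "Index of <path>".
INDEX_SIGNATURE = re.compile(r"<(title|h1)>\s*Index of\s+/", re.IGNORECASE)

# Assumption: entry names treated as API/schema blueprints to review first.
BLUEPRINT_HINTS = ("openapi", "openrpc", "schema", "swagger")


class _LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def audit_listing(body):
    """Return None if body is not an auto-index page, else a findings dict."""
    if not INDEX_SIGNATURE.search(body):
        return None
    collector = _LinkCollector()
    collector.feed(body)
    # Drop parent links, column-sort query links and absolute URLs.
    entries = [h for h in collector.hrefs
               if not h.startswith(("?", "../", "/", "http"))]
    dirs = sorted(e for e in entries if e.endswith("/"))
    files = sorted(e for e in entries if not e.endswith("/"))
    flagged = [e for e in dirs + files
               if any(hint in e.lower() for hint in BLUEPRINT_HINTS)]
    return {"directories": dirs, "files": files, "blueprints": flagged}


# Constructed sample bodies, modelled on the folder names in the post.
SAMPLE_LISTING = """<html><head><title>Index of /</title></head><body>
<h1>Index of /</h1><hr><pre><a href="../">../</a>
<a href="app/">app/</a>  <a href="data-class/">data-class/</a>
<a href="openapi/">openapi/</a>  <a href="openrpc/">openrpc/</a>
<a href="variables/">variables/</a>
</pre><hr></body></html>"""
SAMPLE_NORMAL = "<html><head><title>Schemas</title></head><body>Docs</body></html>"

if __name__ == "__main__":
    print(audit_listing(SAMPLE_LISTING))
    print(audit_listing(SAMPLE_NORMAL))
```

A non-None result for a host that is meant to serve only individual files means automatic indexing should be switched off for that path (`Options -Indexes` in Apache, `autoindex off;` in nginx).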

Soumalya De

Final-Year BCA Student @MUJ | Aspiring Cybersecurity & Cloud Professional | Driving Human-Centered Product Innovation

3mo

Good going Ashish. Keep up the good work 👍

Saptarshi Mazumder

Purple Teamer | ICCA | EJPTv2 | Ex CDAC | Breaking Systems the Ethical Way.

3mo

Was it WebDAV or robots.txt?
