Detections
Analytics

Web Site sitemap.xml File and Directory Disclosure

info Nessus Plugin ID 22867

Language:

Synopsis

The remote web server contains a 'sitemap.xml' file.

Description

The Sitemap Protocol allows you to inform search engines about URLs on a website that are available for crawling. In its simplest form, a Sitemap is an XML file that lists URLs for a site.

It has been discovered that many site owners are not building their Sitemaps through spidering, but by scripted runs on their web root directory structures. If this is the case, an attacker may be able to use sitemaps to enumerate all files and directories in the web server root.

Solution

Site owners should be wary of automatically generating sitemap.xml files, and admins should review the contents of there sitemap.xml file for sensitive material.

See Also

http://www.quietmove.com/blog/google-sitemap-directory-enumeration-0day/

https://accounts.google.com/ServiceLogin?service=sitemaps&passive=1209600&continue=https://www.google.com/webmasters/tools/docs/en/protocol.html&followup=https://www.google.com/webmasters/tools/docs/en/protocol.html

Plugin Details

Severity: Info

ID: 22867

File Name: sitemap.nasl

Version: 1.14

Type: remote

Family: CGI abuses

Published: 10/14/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus