J. Smith and L. Zhang, "Index of /uploads: Analyzing Information Disclosure via Directory Listing Misconfigurations in Web Applications," in Proceedings of the 2025 IEEE International Conference on Cyber Security and Cloud Computing , pp. 112–119, July 2025.
Normally, when you visit a folder on a website, the server looks for a default file like index.html or index.php to display. If that file is missing, many web servers are configured to automatically generate a list of every file in that directory instead. This is known as or Directory Browsing . Why "Index of /uploads" is a Goldmine for Attackers