We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
150004 - Path-Based Vulnerability - if only one domain is hosted and under admin
Hello Vesta,
I found one path-based vulnerability if only one domain is hosted along with the default domain inside user admin. We can access any txt file which is actually hosted for the domain using https://IPaddress/filename.txt, whereas no other file, like php, can be accessed, or even txt if we try to access it via non-https.
I tried to use .htaccess in default-domain too, to block access to txt files, but it has no impact if I am using https://
Using https I can access txt files in the default domain with the IP, and also the txt files hosted under the primary domain hosted under user admin.
For a better idea: no custom DNS is in use; the site is pointed to this server using A records. Please update me if anyone has a solution, or if you would like, I will share it in private.
Thanks