150004 - Path-Based Vulnerability - if only one domain is hosted and under admin
Hello Vesta,
I found a path-based vulnerability when only one domain is hosted along with the default domain inside user admin. We can access any txt file which is actually hosted for the domain using https://IPaddress/filename.txt, whereas no other file can be accessed, like php, or even txt if I try to access it via non-https.
I tried to use .htaccess in default-domain too to block access to txt files, but it has no impact if I am using https://.
Using https I can access txt files in the default domain with the IP, and also the txt files hosted under the primary domain hosted under user admin.
For a better idea: no custom DNS is in use; the site is pointed to this server using A records. Please update me if anyone has a solution, or if you would like, I will share it in private.
Thanks