Beeeeney Posted November 5, 2012 Share Posted November 5, 2012 Our company website is well, badly coded to say the least. But there's one feature of it that seems like it could be a vulnerability to me. http://www.planetcruise.co.uk/images Link to comment https://forums.phpfreaks.com/topic/270320-wasnt-sure-where-to-post-this-possible-vulnerability/ Share on other sites More sharing options...
kicken Posted November 5, 2012 Share Posted November 5, 2012 Providing a directory listing isn't necessarily a bad thing unless there's some files in there you don't want the world to know about. If you want to prevent the listing then either configure your server to not provide it (Options -Indexes in .htaccess I believe) or put a simple index.html file in each folder. Link to comment https://forums.phpfreaks.com/topic/270320-wasnt-sure-where-to-post-this-possible-vulnerability/#findComment-1390371 Share on other sites More sharing options...
Beeeeney Posted November 5, 2012 Author Share Posted November 5, 2012 Providing a directory listing isn't necessarily a bad thing unless there's some files in there you don't want the world to know about. If you want to prevent the listing then either configure your server to not provide it (Options -Indexes in .htaccess I believe) or put a simple index.html file in each folder. Just a blank one? Link to comment https://forums.phpfreaks.com/topic/270320-wasnt-sure-where-to-post-this-possible-vulnerability/#findComment-1390388 Share on other sites More sharing options...
Beeeeney Posted November 5, 2012 Author Share Posted November 5, 2012 Well, actually, I'd like to do it via the .htaccess file. I know nothing of this so I suppose it's a good time to learn, but looking at it is all gibberish to me. Where would I put the Options -Indexes? Also, do I prefix it with RewriteRule? Link to comment https://forums.phpfreaks.com/topic/270320-wasnt-sure-where-to-post-this-possible-vulnerability/#findComment-1390389 Share on other sites More sharing options...
Beeeeney Posted November 5, 2012 Author Share Posted November 5, 2012 Not to worry, I did it. Link to comment https://forums.phpfreaks.com/topic/270320-wasnt-sure-where-to-post-this-possible-vulnerability/#findComment-1390392 Share on other sites More sharing options...
ignace Posted November 5, 2012 Share Posted November 5, 2012 Just a blank one? Yup. Though a .htaccess may be less cumbersome. Link to comment https://forums.phpfreaks.com/topic/270320-wasnt-sure-where-to-post-this-possible-vulnerability/#findComment-1390399 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.