[steemhunt.com] .htaccess file is publicly available to anyone.

in utopian-io •  6 years ago 

Project Information

Repository: https://github.com/Steemhunt/web
Platform: https://steemhunt.com

Expected Behaviour

.htaccess file should be a hidden file, and on calling it 403 Forbidden should be shown.

Actual Behaviour

.htaccess file is visible publicly.

How to reproduce

  1. Just visit: https://steemhunt.com/.htaccess

  2. Then the .htaccess file can be downloaded and viewed in any text editor.

  3. Alternatively, in a terminal, curl https://steemhunt.com/.htaccess will do the trick.


Github Details

Github profile
Issue#223
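
The expected and actual behaviour from the report, reproduced locally as an added example (not part of the original post and not Steemhunt's code): Python's built-in static file server stands in for a web server with no dotfile rule, and `DenyDotfiles` is a hypothetical hardened handler that answers 403 for `.htaccess`. The handler name, the helper functions and the sample file content are constructed for illustration.

```python
import functools, http.server, os, tempfile, threading
import urllib.error, urllib.parse, urllib.request

class DenyDotfiles(http.server.SimpleHTTPRequestHandler):
    """Hypothetical hardened handler: 403 for any dot-prefixed path segment."""
    def send_head(self):
        # Decode first so the rule sees the same path the file lookup uses.
        path = urllib.parse.unquote(self.path.split("?", 1)[0])
        if any(seg.startswith(".") for seg in path.split("/")):
            self.send_error(403, "Forbidden")
            return None
        return super().send_head()

def serve(handler_cls, docroot):
    """Start handler_cls on a free loopback port; return (server, base_url)."""
    handler = functools.partial(handler_cls, directory=docroot)
    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, "http://127.0.0.1:%d" % server.server_address[1]

def fetch_status(url):
    """GET url without proxies and return the HTTP status code."""
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        with opener.open(url, timeout=5) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code

def demo():
    """Request /.htaccess from the default and the hardened server."""
    results = {}
    with tempfile.TemporaryDirectory() as docroot:
        # Constructed sample file standing in for a real .htaccess.
        with open(os.path.join(docroot, ".htaccess"), "w") as fh:
            fh.write("# constructed sample file\nRewriteEngine On\n")
        handlers = {"default": http.server.SimpleHTTPRequestHandler,
                    "hardened": DenyDotfiles}
        for name, cls in handlers.items():
            server, base = serve(cls, docroot)
            try:
                results[name] = fetch_status(base + "/.htaccess")
            finally:
                server.shutdown()
                server.server_close()
    return results

if __name__ == "__main__":
    print(demo())
```

The same `fetch_status` check can be pointed at a site you operate after a deploy; any answer other than 403 or 404 for `/.htaccess` means the file is being served.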


Hello @neutrinoguy,
Welcome and Thanks for posting this issue via Steemit to raise awareness.

  • Misconfigured visibility on the htaccess file can cause some vulnerability in some projects, but since steemhunt didn't have such problems it is a great effort from you to pinpoint it out early.

  • I found an awesome blog about this, if you're interested in sharing it with developers or with those reading this post here.

  • I like your PS1 terminal style :)

Thank you for your contribution in the project.


Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.

[utopian-moderator]

Hey @neutrinoguy
Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!
