Project Information
Repository: https://github.com/Steemhunt/web
Platform: https://steemhunt.com
Expected Behaviour
.htaccess file should be a hidden file and on calling it 403 Forbidden should be showed.
Actual Behaviour
.htaccess file is visible publicly.
How to reproduce
Just Visit : https://steemhunt.com/.htaccess
Than .htaccess file can be downloaded and viewed in any text editor
Alternatively in Terminal curl https://steemhunt.com/.htaccess will do the trick.
Hello @neutrinoguy,
Welcome and Thanks for posting this issue via Steemit to raise awareness.
misconfigured visibility on
htaccess
file can cause some vulnerability in some projects, But since steemhunt didn't have such problems it is a great effort from you to pinpoint it out early.I found an Awesome blog about this if you're interested in sharing it to developers or for those reading this post here
I like your PS1 terminal style :)
Thank you for your contribution in the project.
Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.
To view those questions and the relevant answers related to your post, click here.
Need help? Write a ticket on https://support.utopian.io/.
Chat with us on Discord.
[utopian-moderator]
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Hey @neutrinoguy
Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!
Want to chat? Join us on Discord https://discord.gg/h52nFrV.
Vote for Utopian Witness!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit