[steemhunt.com] .htaccess file is publicly available to anyone.
Project Information
Repository: https://github.com/Steemhunt/web
Platform: https://steemhunt.com
Expected Behaviour
.htaccess file should be a hidden file, and on calling it 403 Forbidden should be shown.
Actual Behaviour
.htaccess file is visible publicly.
How to reproduce
Just visit: https://steemhunt.com/.htaccess
Then the .htaccess file can be downloaded and viewed in any text editor.
Alternatively, in a terminal, curl https://steemhunt.com/.htaccess will do the trick.
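An added example, not part of the original post: a check a site owner can run against their own server that looks past the status code, because a catch-all route can answer any path with 200 and an HTML page. The function names and the directive list are assumptions of this sketch.

```bash
#!/usr/bin/env bash
# Added example: verify that a web server does not hand out .htaccess.
# Function names and the directive list are choices made for this sketch.

# classify_response STATUS BODY_FILE
# Prints EXPOSED, BLOCKED, CATCH_ALL, UNREACHABLE or REVIEW.
classify_response() {
    local status="$1" body="$2"
    case "$status" in
        403|404|410) echo BLOCKED ;;
        000)         echo UNREACHABLE ;;   # curl could not complete the request
        200)
            # A 200 alone is not proof: catch-all routes answer every path
            # with an HTML page. Look for real Apache directives instead.
            if grep -Eiq '^[[:space:]]*(Rewrite(Engine|Rule|Cond|Base)|Options|Auth(Type|Name|UserFile)|Require|Deny|Allow|Order|ErrorDocument|DirectoryIndex|Header|<(IfModule|Files))[[:space:]]' "$body"; then
                echo EXPOSED
            elif grep -Eiq '<(!doctype|html)' "$body"; then
                echo CATCH_ALL
            else
                echo REVIEW
            fi ;;
        *) echo REVIEW ;;                  # redirects, 5xx, anything unexpected
    esac
}

# check_dotfile BASE_URL [PATH]: fetches the path and classifies the answer.
check_dotfile() {
    local base="${1%/}" path="${2:-.htaccess}" tmp status
    tmp="$(mktemp)" || return 2
    # -w prints only the status code; the body goes to the temp file.
    status="$(curl -s -o "$tmp" -w '%{http_code}' --max-time 10 "$base/$path")"
    printf '%s/%s -> HTTP %s: %s\n' "$base" "$path" "$status" \
        "$(classify_response "$status" "$tmp")"
    rm -f "$tmp"
}

# Runs only when a base URL is given, e.g.: ./check.sh https://your-site.example
if [ "$#" -gt 0 ]; then check_dotfile "$@"; fi
```

BLOCKED matches the expected behaviour described in the report; EXPOSED means the body really contains configuration directives.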
Hello @neutrinoguy,
Welcome, and thanks for posting this issue via Steemit to raise awareness.
Misconfigured visibility on the htaccess file can cause some vulnerability in some projects, but since steemhunt didn't have such problems it is a great effort from you to pinpoint it out early. I found an awesome blog about this if you're interested in sharing it to developers or for those reading this post here.
I like your PS1 terminal style :)
Thank you for your contribution to the project.
Your contribution has been evaluated according to Utopian policies and guidelines, as well as a predefined set of questions pertaining to the category.
[utopian-moderator]
Hey @neutrinoguy
Thanks for contributing on Utopian.
We’re already looking forward to your next contribution!