WARNING: Skins directory unprotected and open to public.

 

Posted 30 August 2006 - 04:49 PM #1

http://demo.cs-cart....mer/content.tpl

and any other files in the skins directory are viewable.

 
  • kloptops
  • Junior Member
  • Members
  • Join Date: 07-Mar 06
  • 5 posts

Posted 31 August 2006 - 04:22 AM #2

I also found this on my previous host; I added the following to my .htaccess file (one inside the cscart base directory will do).

Options -Indexes

<FilesMatch "(\.(inc(\.php)?|sh|sql|tpl(\.php)?))$">
  Order deny,allow
  Deny from all
</FilesMatch>

This stops people from directly accessing .tpl, .tpl.php, .sql, .inc & .inc.php files. It also stops listing of directories. I can't remember where I found this snippet, but IMHO it's a must for any e-store.

I hope this helps.

 
  • lordmatrix
  • Senior Member
  • Members
  • Join Date: 26-May 06
  • 120 posts

Posted 31 August 2006 - 11:08 AM #3

July 14th, 2006
http://vb.cs-cart.co...hread.php?t=680
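
The FilesMatch pattern from reply #2, applied to a list of file names to show which requests the rule denies and which it leaves served. This is an added example, not code from the thread: the file names are constructed samples, and Python's `re` module stands in for Apache's regex engine, which treats this pattern the same way.

```python
import re

# Pattern copied verbatim from the FilesMatch directive in reply #2.
# FilesMatch tests the file name only, case-sensitively, as an unanchored search.
DENY_PATTERN = re.compile(r"(\.(inc(\.php)?|sh|sql|tpl(\.php)?))$")

# Constructed sample file names (not taken from a real CS-Cart install).
SAMPLE_FILES = [
    "content.tpl",
    "content.tpl.php",
    "config.inc",
    "config.inc.php",
    "backup.sql",
    "deploy.sh",
    "content.tpl.bak",   # backup copy: suffix comes after the matched extension
    "content.tpl~",      # editor backup
    "backup.sql.gz",     # compressed dump
    "CONTENT.TPL",       # different case; matters on case-insensitive filesystems
    "index.php",
    "styles.css",
]


def is_denied(filename):
    """Return True if the rule would deny a direct request for this file name."""
    return DENY_PATTERN.search(filename) is not None


def split_by_rule(filenames):
    """Partition file names into (denied, still_served) under the rule."""
    denied = [name for name in filenames if is_denied(name)]
    served = [name for name in filenames if not is_denied(name)]
    return denied, served


if __name__ == "__main__":
    denied, served = split_by_rule(SAMPLE_FILES)
    print("Denied by the rule:")
    for name in denied:
        print("  ", name)
    print("Still served (review these in your own tree):")
    for name in served:
        print("  ", name)
```

Feeding it the file names from your own skins directory shows which files need an extra pattern or should be moved out of the web root.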