burty1109 Posted July 26, 2018 Share Posted July 26, 2018 Hi Everyone. Security issue, exposing customer attachments to anyone on the web. Using PS 1.7.3 When Customers use the Contact Us option on the website and include an attachment this attachment is stored in the /upload folder. /upload is set to 0755 all files are given 0644 permissions Anyone can view the uploads folder and all that is contained within.. I just noticed customers details, photos, and other attachments that are suppose to be private. try this http://yourdomain.com/uploads Can anyone offer a suggestion? Thanks Link to comment Share on other sites More sharing options...
burty1109 Posted July 26, 2018 Author Share Posted July 26, 2018 The fix for this is to add in the .htaccess file the following code Options -Indexes Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now