I did some pentesting on a website I am helping a client with, and the tools reported that there are URLs like /index.php/login.php which might be vulnerable to something. The problem is that since it is a simple PHP site, normally this kind of URL shouldn't be possible (there is no folder "index.php" which contains a file "login.php"). I guess I could set some filter for the URL to clean this and redirect to the first PHP file. The actual effect of these URLs is that the browser goes into an infinite loop requesting all the files over and over ... The site is using framesets (unfortunately) and I feel like it has something to do with this, but I can't find a fix for it ...
Using IIS7 with PHP 5.3.63