Request
GET https://brokencrystals.com/.htaccess?email=&message=NexPloitData&name=gadi&subject=abc8d5c8968 HTTP/1.1
Referer: https://brokencrystals.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/106.0.5249.119 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: identity
cookie: connect.sid=gzoY4trX9qlnSEjbStor7L5rFwf1YGCA.NPWz02DM%2BL5wFCMEqnBztQKv9%2Fla6b65lBw7lIJXjGs; bc-calls-counter=1688909907221; _csrf=4c8a7023d21380d6c1a48c2aaab823b9
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
authorization: eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyIjoiYWRtaW4iLCJleHAiOjE2ODczMzg5MDB9.Tct-MaLY5LU49s0IR6i-ydQtnG32Hw3OqxD06fu5fZWagWbo2ICsDOPQTKvSPrvZB1c0LzdsEKD_OVzic6KoJ88PvXIuUgh5nHq11q6baEocW8R9yxQjpCDH6rWu90GWeV-X9OgZewVTTWvSIrPL23UE7axbwoh0yQZJOVP4pRLZC85VRVgzUABTY-mk2sxJtu824r3wZBc7mK5rCooW1E88EcZ15UVWBwXjGDZy28ziFTfx1MtMmN13bm9_sQlhnXLd6B1KP_Fb-RlnfByoCXRd7kowwRIZbUqHXwaOHDTnP6uogeeTlT0KNrmaJZoWWmYpmlCbw1KdLiqjWnU2UrqMa9A1fCbuZQf5192NnPE-Htz3y3k_BEScMCg2rKr8jDGIREZxvajRgIcNWUDsgKSrSNGyR6o-iAMOXkvY58LU7W6ERuWYaw7ulUqdY2MNAYOHmQdQF3SML-Ng2bkIHvuiWa_gLVRW75fJypzLz3Cpi6gz8M-OF2hR1t7d8u0xBjjCGfJUTte6oa7Qip5S_K8taxMTyBzYaSgZt6NWgXKiX8j9XDEy8Sr-GITRPAElzOMj-ezTBdvxWc8-C4xt00JVspiewPCFvlu6gbh8GyoGftgXHcdaXDvQoqk2rc44cnJ1NPayuT-Y7qb5DaMn-YWVrtNtELRdJyzVD-lmtsw

Response
HTTP/1.1 200
Date: Sun, 09 Jul 2023 13:38:27 GMT
Content-Type: application/octet-stream
Content-Length: 100
Connection: keep-alive
Last-Modified: Mon, 22 May 2023 04:17:47 GMT
ETag: "646aeceb-228"
Expires: Mon, 10 Jul 2023 13:38:27 GMT
Cache-Control: public, max-age=99999
Accept-Ranges: bytes
Strict-Transport-Security: max-age=15724800; includeSubDomains

RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
Rewrite
Exposed Common File
Severity:
Low
Discovered: 09 of July-2023, 01:38 PM
CWE ID
CWE-200
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
A '.htaccess' entry was found by looking for '.htaccess' in the URL 'https://brokencrystals.com/.htaccess?email=&message=NexPloitData&name=gadi&subject=abc8d5c8968'.
Possible exposure
Data leakage, Access to unauthorized information
Remediation suggestions
Configure the web server running the application to disable access to this file. For certain scenarios enforce access only by localhost.