Closed xyzsimon closed 3 years ago
I reported this 28 days ago. Sadly, the vulnerability will be made public soon. If you have a large site, I would recommend getting an external firewall to protect you, as they can patch it until the problem is resolved with the new release.
Barrie
Can you send me the link to openbugbounty?
I meant to where they specifically talk about the issue haha!
This link is not specific to identifying the issue at my site... but it's the reporter's link https://www.openbugbounty.org/researchers/Kapitan/
The Vulnerability Type is: IAC (Improper Access Control), and when I click its link I get to this page https://owasp.org/www-community/Broken_Access_Control
I suggest changing your admin folder names.
https://phpmydirectory.atlassian.net/wiki/spaces/PMDDOC/pages/10748067/Security+Tips?src=search
Then also adding htaccess password protection to the admin area:
A lot of web hosts have an easy way to do this from their control panels.
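To show what the two suggestions above amount to in practice, here is an added example (not code from the thread or from phpMyDirectory) that creates the `.htaccess` and credential file for a renamed admin directory and verifies them. It assumes Apache honours `.htaccess` files (`AllowOverride AuthConfig`) and that `openssl` is on the PATH; every directory, user name and password below is a placeholder for the reader's own values.

```shell
#!/bin/sh
# Added example: HTTP Basic auth in front of a renamed admin directory.
set -eu

# Write ADMIN_DIR/.htaccess and the credential file at PASSFILE. PASSFILE
# must be an absolute path outside the web root so it can never be served.
make_admin_auth() {
  admin_dir="$1"; passfile="$2"; user="$3"; password="$4"
  hash=$(openssl passwd -apr1 "$password")   # Apache apr1 (MD5-based) format
  printf '%s:%s\n' "$user" "$hash" > "$passfile"
  chmod 600 "$passfile"                       # owner-only: keep hashes private
  cat > "$admin_dir/.htaccess" <<EOF
AuthType Basic
AuthName "Restricted admin area"
AuthUserFile $passfile
Require valid-user
EOF
}

# Return 0 only when ADMIN_DIR/.htaccess carries every directive needed
# for the protection to actually take effect.
check_admin_auth() {
  f="$1/.htaccess"
  [ -f "$f" ] || return 1
  for d in 'AuthType Basic' 'AuthUserFile ' 'Require valid-user'; do
    grep -q "^$d" "$f" || return 1
  done
}

# Re-derive the hash with the stored salt; 0 only if USER exists in
# PASSFILE and PASSWORD matches the stored hash.
verify_htpasswd() {
  passfile="$1"; user="$2"; password="$3"
  stored=$(awk -F: -v u="$user" '$1 == u { print $2; exit }' "$passfile")
  [ -n "$stored" ] || return 1
  salt=$(printf '%s' "$stored" | cut -d'$' -f3)   # $apr1$<salt>$<hash>
  [ "$(openssl passwd -apr1 -salt "$salt" "$password")" = "$stored" ]
}

# Usage (placeholders):
#   mkdir /var/www/html/adm1n-7f3c
#   make_admin_auth /var/www/html/adm1n-7f3c /etc/apache2/.htpasswd_admin siteadmin 'long passphrase'
#   check_admin_auth /var/www/html/adm1n-7f3c && echo "protected"
```

The renamed directory only hides the admin URL; the `Require valid-user` line is what makes the server refuse unauthenticated requests, so run `check_admin_auth` after any host control-panel change that rewrites `.htaccess`.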
Ben, thanks for the reply / solution.
Thank you for that information
I run a licensed encrypted copy of phpmydirectory 1.5.3. I received an email from a website called openbugbounty.org. The link they sent me identifies a supposed Access Control Vulnerability for my website. This email has a link; the link took me to a page that had a report. The report included this:
Remediation Guide: with a link to: OWASP Access Control Cheat Sheet. When I clicked it, it sent me to this github link:
https://github.com/OWASP/CheatSheetSeries/blob/master/cheatsheets/Access_Control_Cheat_Sheet.md
Has anyone received such an email?