Open mauroalx opened 1 year ago
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
I can work on improving that... if you're interested, contact me.
The current behavior of Whaticket when hosting .html files is to process them instead of forcing the download.
This may include security issues, mainly when the operator opens the sent file.
Take a look at the screenshot below
What can be done?
Your server can be used as a phishing page, and for real, the user just opening the file is enough for the attacker to get the URI (sending it using an HTTP request)
I think the best way is to force the download of .html
I'm not in cybersecurity so I may have been wrong in parts.
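
One way to implement the forced download proposed in the issue above, as an added example that is not Whaticket's own code. It assumes uploads are served with Express's `express.static`; the `/public` mount point, `uploadDir`, and all function names are hypothetical. It goes beyond `.html` by using an allowlist, so anything outside a short list of inline-safe media types is sent as an attachment.

```javascript
// Extensions allowed to render inline; every other upload is downloaded (assumed list).
const INLINE_SAFE = new Set(["jpg", "jpeg", "png", "gif", "webp", "mp3", "ogg", "mp4", "pdf"]);

function baseName(filePath) {
  return filePath.split(/[\\/]/).pop();
}

// Last extension, lower-cased; "" for names with no extension or a trailing dot.
function extensionOf(filePath) {
  const name = baseName(filePath);
  const dot = name.lastIndexOf(".");
  return dot > 0 ? name.slice(dot + 1).toLowerCase() : "";
}

// RFC 5987 encoding for the filename* parameter of Content-Disposition.
function encodeFilename(name) {
  return encodeURIComponent(name).replace(/['()*]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// Headers to send for one uploaded file.
function uploadHeadersFor(filePath) {
  // nosniff stops the browser from guessing HTML out of a mislabelled file.
  const headers = { "X-Content-Type-Options": "nosniff" };
  if (!INLINE_SAFE.has(extensionOf(filePath))) {
    headers["Content-Type"] = "application/octet-stream";
    headers["Content-Disposition"] =
      "attachment; filename*=UTF-8''" + encodeFilename(baseName(filePath));
    // Defence in depth if a client still renders the response.
    headers["Content-Security-Policy"] = "sandbox";
  }
  return headers;
}

// Matches the (res, path) hook that express.static accepts as `setHeaders`.
function setUploadHeaders(res, filePath) {
  for (const [name, value] of Object.entries(uploadHeadersFor(filePath))) {
    res.setHeader(name, value);
  }
}

// Wiring (assumed mount point and directory):
// app.use("/public", express.static(uploadDir, { setHeaders: setUploadHeaders }));
```
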