search

ocapmod / ocap-legacy

OCAP is a game-changing tool that allows the recording and playback of operations on an interactive (web-based) map.
Other
38 stars 42 forks source link

Admin site not password protected #45

Open TheConen opened 8 years ago

TheConen commented 8 years ago

OCAP Version: 0.5.01 Server OS: Windows Server 2012R2 / IIS 7.5

Description: The /admin site is not password protected, allowing anyone to access it.

Steps to reproduce: Head to the /admin site.

RPT File n/a

wynarator commented 7 years ago

I'd say it's unnecessary to password protect it, as it's protected by changing "admin" folder name to "asoqieiAOSIOmsa1239admin" - fixed ;)

byjokese commented 7 years ago

you can add code to that .php so it requires password, or session authentication.