PDA

View Full Version : Solved Security Issue with admincp links



moman
22-01-10, 04:48
I have .htaccess protection on my admincp folder. However, when accessed it with a lang parameter in the URL (i.e. site.com/pl/admincp/) then that access is bypassed! This looks like a fairly serious security issue if it's indeed a bug.

Also, if my forum is translated, then my admincp links include the language paremeter for some reason- they didn't before.

vBET
22-01-10, 19:07
So add protection also for translated admincp URLs, or even better - redirect in .htaccess translated acmincp URLs to normal one. This will force going to admincp in normal way and your security will work. This is specific solution used for your forum - please adopt it to actual settings :) If you need help for this - please show me your actual .htaccess file.

If you don't want to have URL tracking working for admincp just use 'Ignore URLs' option. Personally I think that it is not needed at all - when you go to admincp you do not do it from translated page, and even if, then you can manually change the URL. Anyway 'Ignore URLs' will keep any link you want out of translation tracking.

AfrikaansAlbanianArabicBelarusianBulgarianCatalanChineseCroatianCzechDanishDutchEnglishEstonianFilipinoFinnishFrenchGalicianGermanGreekHaitian CreoleHebrewHindiHungarianIcelandicIndonesianIrishItalianJapaneseKoreanLatvianLithuanianMacedonianMalayMalteseNorwegianPersianPolishPortugueseRomanianRussianSerbianSlovakSlovenianSpanishSwahiliSwedishTaiwaneseThaiTurkishUkrainianVietnameseWelshYiddish
Translations supported by vBET 4.10.1