Security Issue with admincp links

**moman** · 22-01-10, 04:48

I have .htaccess protection on my admincp folder. However, when accessed it with a lang parameter in the URL (i.e. site.com/pl/admincp/) then that access is bypassed! This looks like a fairly serious security issue if it's indeed a bug.

Also, if my forum is translated, then my admincp links include the language paremeter for some reason- they didn't before.

**vBET** · 22-01-10, 19:07

So add protection also for translated admincp URLs, or even better - redirect in .htaccess translated acmincp URLs to normal one. This will force going to admincp in normal way and your security will work. This is specific solution used for your forum - please adopt it to actual settings

If you need help for this - please show me your actual .htaccess file.

If you don't want to have URL tracking working for admincp just use 'Ignore URLs' option. Personally I think that it is not needed at all - when you go to admincp you do not do it from translated page, and even if, then you can manually change the URL. Anyway 'Ignore URLs' will keep any link you want out of translation tracking.

Afrikaans	Albanian	Arabic	Belarusian
Bulgarian	Catalan	Chinese	Croatian
Czech	Danish	Dutch	English
Estonian	Filipino	Finnish	French
Galician	German	Greek	Haitian Creole
Hebrew	Hindi	Hungarian	Icelandic
Indonesian	Irish	Italian	Japanese
Korean	Latvian	Lithuanian	Macedonian
Malay	Maltese	Norwegian	Persian
Polish	Portuguese	Romanian	Russian
Serbian	Slovak	Slovenian	Spanish
Swahili	Swedish	Taiwanese	Thai
Turkish	Ukrainian	Vietnamese	Welsh
Yiddish

Earn with us!

Thread: Security Issue with admincp links

Thread Tools

Display

Security Issue with admincp links

Tags for this Thread

Posting Permissions