Security Question #208
Comments
|
Also just to clarify, these are provided via the JavaScriptLocalizationResources script. |
|
Sure if you leave your LocalizationAdmin interface open without any security in front of it, new resources can be created. That just looks like a robot got into your admin interface. start by putting a robots.txt and excluding the localizationadmin folder (how is that folder even discovered? Do you have it linked in the public site?) |
|
We do have the ConfigureAuthorizeLocalizationAdministration section locked down so only our staff members and our super admins at that (only developers) can access this so it looks like this has somehow been circumvented. Is there a way I can disable this part of the functionality? The folder isn't linked at all except when logged in as a super admin. |
Hi there,
I found some strange folders within the "Properties folder of my application today".
These files correspond to resource sets available within our implementation of the Westwind Globalization package.
I was wondering if you are aware of any vulnerability within the package that would allow someone to do this? We have configured the "ConfigureAuthorizeLocalizationAdministration" to only our super admins.
Thanks in advance,
David
The text was updated successfully, but these errors were encountered: