Rise Company
01-11-2020, 03:49
WHMCS script: fixing the "Needing Attention Sensitive Directory Check /vendor" warning
https://www.rise.company/upload/uploads/160419903864911.png
Needing Attention Sensitive Directory Check
One or more sensitive directories are accessible from the web:
/vendor
Please refer to our Further Security Steps (https://docs.whmcs.com/Further_Security_Steps#Vendor_Directory) for information.
There is a tool: upload it to the WHMCS directory, then open its URL and look at the result it shows:
is the /vendor path protected or not.
A verification tool has also been made available to assist in determining
if your web server environment is affected. This tool can be downloaded here (https://www.whmcs.com/download/1329/security_advisory_20200128_verification_tool.zip).
To use the tool, simply upload it to the root directory of your WHMCS installation
and then visit in a browser or run from the command line.
The tool will confirm if you are affected.
https://www.rise.company/upload/uploads/160419903898264.jpg
How to fix the vulnerability
The solution depends upon your web server environment and various configurations.
Apache Web Server Software
Apache is the recommended web server software platform to run WHMCS on. By default a .htaccess file is provided which in most cases should be sufficient to direct the Apache web server to disallow web based access to files within the vendor directory.
If you are running Apache and files remain accessible, please first ensure that the /vendor/.htaccess file exists, has appropriate ownership and permissions, and that it contains the following directive:
Deny from all
If files continue to remain accessible, then you will want to investigate if your Apache configuration has disabled the use of .htaccess files or if there is a parent configuration that is negating the directive in the provided .htaccess file.
Fixing the problem:
The fix is in the .htaccess file, which you will find in 3 places:
1- In the public_html directory: make sure it contains no unexpected code
2- In the whmcs directory: make sure it contains no unexpected code
3- Inside the whmcs directory, in vendor: make sure it contains the deny code
In most cases you will find redirect code for the error pages, such as 400, 401, 402, 403, 404.
Remove this code from public_html or whmcs if you find it, or anything similar to it.
Result:
https://www.rise.company/upload/uploads/160419903891993.jpg
https://www.rise.company/upload/uploads/160419903884372.png
Reference:
https://docs.whmcs.com/Security_Advisory_2020-01-28
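The three .htaccess checks listed above can be scripted. The following is an added example, not part of the original post or of WHMCS. It assumes the "redirect code for the error pages" is written with Apache's ErrorDocument directive; the function names and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the three .htaccess files named in the post.

# vendor_denied FILE: succeeds if FILE holds an uncommented "Deny from all".
vendor_denied() {
    [ -f "$1" ] && grep -Eiq '^[[:space:]]*Deny[[:space:]]+from[[:space:]]+all[[:space:]]*$' "$1"
}

# error_overrides FILE: prints file:line:directive for every uncommented
# ErrorDocument line (assumed form of the error-page redirect code).
error_overrides() {
    [ -f "$1" ] || return 0
    grep -EinH '^[[:space:]]*ErrorDocument[[:space:]]' "$1" || true
}

# audit_whmcs DOCROOT WHMCS_DIR: prints findings, returns how many there are.
audit_whmcs() {
    docroot=$1; whmcs=$2; findings=0; seen=
    if vendor_denied "$whmcs/vendor/.htaccess"; then
        echo "OK    $whmcs/vendor/.htaccess contains 'Deny from all'"
    else
        echo "FAIL  $whmcs/vendor/.htaccess is missing or lacks 'Deny from all'"
        findings=$((findings + 1))
    fi
    for f in "$docroot/.htaccess" "$whmcs/.htaccess"; do
        # WHMCS installed directly in the document root: same file, check once.
        if [ "$f" = "$seen" ]; then continue; fi
        seen=$f
        hits=$(error_overrides "$f")
        if [ -n "$hits" ]; then
            echo "WARN  error-page override(s) to review:"
            echo "$hits"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# make_demo_tree DIR: constructed sample layout for trying the audit offline.
make_demo_tree() {
    mkdir -p "$1/public_html/whmcs/vendor"
    printf 'ErrorDocument 404 /index.php\n' > "$1/public_html/.htaccess"
    printf 'RewriteEngine On\n' > "$1/public_html/whmcs/.htaccess"
    printf 'Deny from all\n' > "$1/public_html/whmcs/vendor/.htaccess"
}

# Usage: sh audit.sh /home/USER/public_html /home/USER/public_html/whmcs
if [ "$#" -eq 2 ]; then audit_whmcs "$1" "$2"; fi
```

A clean audit does not replace the verification tool or a real HTTP request to a file under /vendor, because a parent Apache configuration can still disable .htaccess handling.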