Search XSS directing to server default page

Home Forums BulletProof Security Free Search XSS directing to server default page

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • March 19, 2018 at 7:06 am #35507
    Nuno Miguel
    Participant

    If I trie to do www.example.com/?s=asd%27"><img+src%3D2+onerror%3Dalert%281%29+>

    instead of getting your 403.php the site presents the centos default page.
    Shouldn’t this be something that get’s caught by the plugin and redirect to your 403.php page?
    Thanks

    March 19, 2018 at 9:12 am #35508
    AITpro Admin
    Keymaster

    BPS Security logging redirection to the BPS 403.php logging template file is handled by this htaccess directive code in your Root htaccess file:  ErrorDocument 403 /wp-content/plugins/bulletproof-security/403.php.

    What type of hosting is this? Shared, VPS, Dedicated? Do you have access to the server’s httpd.conf and vhosts conf files?

  • Author
    Posts
Viewing 2 posts - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.