Home
Exported

TOLOGIX - ISLG Maintenance

Project dealing with all ongoing maintenance of the current ISLG application (www.investorstatelawguide.com and dev.investorstatelawguide.com).
Laura Mindorff, COO at IndustrialHarsh Parikh, Tech Lead at DevITMelissa Cowell, General Manager at IndustrialJeff Horne, CEO at IndustrialMonica Martinez, MonolabMarysia RaptisPaul MoonIrit WeinfeldNafiseh Arghandehpour, Legal Content Manager at ISLGKetan Sondarva, Technical Project Manager at DevITMartin Laporte, CTO at TologixSharmila Srikanth, Quality Assurance Engineer at TologixKishan Badri, Strategic Account Manager at TologixSéverine Beaudet, Senior Legal Content Manager at TologixGary López Vélez, Junior Legal Content Manager at Tologix +4 others
From the list: Security - Development

Medium (Medium) Directory Browsing - PENDING TESTING

Ryan K. added this on
Completed by Morgan M.
Assigned to
Harsh Parikh, Tech Lead at DevIT Harsh P.

Comments & Events

Ryan Knuth, Customer Support Manager at Industrial Ryan Knuth, Customer Support Manager
It is possible to view the directory listing. Directory listing may reveal hidden scripts, include files , backup source files etc which can be accessed to read sensitive information.

See ZAP Scanning Report issue #7
No one was notified
Harsh Parikh, Tech Lead at DevIT Harsh Parikh, Tech Lead
Hi Ryan Knuth, Customer Support Manager at Industrial Ryan ,

We have checked the Directory browsing is already disabled in IIS server for both dev.islg and www.islg.

We need to inform Carbon 60 team to resolve the problem by modifying the 
.htaccess file on server.
Notified 2 people
Ryan Knuth, Customer Support Manager at Industrial Ryan Knuth, Customer Support Manager
Thank you, Harsh Parikh, Tech Lead at DevIT Harsh . Please go ahead and submit a ticket to Carbon60 if you have not already done so.
Notified 2 people
Anil Vaghela Anil Vaghela
Hello Ryan Knuth, Customer Support Manager at Industrial Ryan ,

We checked this issue and it seems that everything is OK at IIS side. Directory browsing is disabled for all the folders but for some reason directories are showing for http://dev.investorstatelawguide.com/highlighter/viewer/locale/ URL only. We will investigate this in more detail and let you know if found anything.
Notified 3 people
Ryan Knuth, Customer Support Manager at Industrial Ryan Knuth, Customer Support Manager
Great, thanks Anil Vaghela Anil !
Notified 3 people
Morgan Maguire, CEO
Morgan Maguire completed this to-do.