Lack of interest Admin pages URL results in a login or 404

This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.
Marcel

Marcel

Active member
I apologise if this isn't in anyway a suitable suggestion, or I'm talking out of my inexperienced backside :D

Just doing some testing on an addon, and I mistakenly mistyped an admin URL and noticed something.

If I browse to

admin.php?banners/add

while not logged in, I get a login request

If I browse to

admin.php?banners/nonexistent

Then it gives me a specific 404.

WRT to security. Yes "banners" is quite generic, but if a security risk was found in a particular addon, this would be a way to confirm the existence of said addon in an installation wouldn't it?
 
Upvote 1
This suggestion has been closed. Votes are no longer accepted.
I would say you're right but the admincp should really be htaccess protected anyway, nullifying this issue/suggestion :)

Liam
 

Similar threads

JackieChun
  • Suggestion Suggestion
Deleted threads should return a 410 server message instead of 404
Replies
11
Views
1K
MySiteGuy
MySiteGuy
creativeforge
Include full message text in emails: for admin and mods only?
Replies
6
Views
572
creativeforge
creativeforge
a1000
  • Question Question
XF 2.2 Securing Admin Login Page - General Security Tips
Replies
15
Views
1K
S4m'
S4m'
webmasterxl
  • Question Question
XF 2.2 Error 404 when "Use Full Friendly URLs" enabled (XF in subdirectory of Wordpress)
Replies
10
Views
1K
Mr Lucky
Mr Lucky
Sanmu
  • Solved
Moved Xenforo from root to folder, added a WordPress in the root. Now massive 404 from Google search result
Replies
6
Views
981
Sanmu
Sanmu
Top Bottom