You can download any file by URL?

    Diese Seite verwendet Cookies. Durch die Nutzung unserer Seite erklären Sie sich damit einverstanden, dass wir Cookies setzen. Weitere Informationen

    • You can download any file by URL?

      I just discovered that even with webinterface authentication enabled you can download any file through URL.

      For example after IP of DM type /file?file=%2Fusr%2Fkeys%2Fnewcamd.list and you can download newcamd.list file.

      I typed "Dreambox WebControl" in google and got list of unprotected dreambox interfaces. I typed this "file?..." after URL and I was able to download ANY file!!! ?(

      So my question is: Can I protect directory from accesing by URL?

      I redirected 80 port to my Dreambox, I enabled password authentication in plugin settings but anyone with my IP can access any file with playing with URL.