
Files of the VTB postcard site are publicly accessible

Today I was browsing Lebedev's site to look at the sites his studio makes. Then I went to 20.vtb.ru, a postcard site they made for VTB's 20th anniversary. To my surprise, I found that not only does Lebedev build sites on Bitrix, but the engine folders are also left open.

I found a few interesting things.
The path disclosure (when individual PHP files are requested directly) hardly needs mentioning:
Fatal error: Call to undefined function IncludeModuleLangFile() in /u00/app/bitrix/Apache/htdocs/bitrix/modules/corp_events/include.php on line 4

20.vtb.ru/bitrix/templates/als_vtb20/data.txt - greetings and curses from VTB clients addressed to their own bank; some are funny (for example, there are already 27 variations on sending the bank on an "erotic journey on foot" over its unreasonable interest rates ;))
20.vtb.ru/bitrix/templates/als_vtb20/header.php_bk20101223_1837.txt - a backup of a PHP file authored by Lebedev, in case anyone wonders how they write code
20.vtb.ru/bitrix/modules/lol.webdavadm - I wonder who uploaded it there?
20.vtb.ru/bitrix/modules/security/admin/security_panel.php - access to the Bitrix admin panel that has not been closed off.

It is understandable that when a design studio builds a website, the discussion is mainly between the designer and the copywriter, and the technologist is left with what is essentially the grunt work ... But what prevented them from adding something like the following to .htaccess, I do not understand.
<FilesMatch "\.(inc|info|templates|modules|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag|Template|all-wcprops|entries|format)$">
Order allow,deny
</FilesMatch>
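
As an added example (not part of the original post), the Python sketch below runs the post's FilesMatch pattern over the paths the post lists. Apache applies FilesMatch to a file's basename, so this shows which of those files the rule would deny. The three audit rules and the `styles.css` and `db.sql` sample paths are assumptions made for illustration.

```python
import re
from pathlib import PurePosixPath

# Pattern copied from the post's <FilesMatch>. Apache tests it against the
# file's basename with an unanchored search; Python's re stands in for PCRE.
POST_PATTERN = re.compile(
    r"\.(inc|info|templates|modules|profile|po|sh|.*sql|theme|tpl(\.php)?"
    r"|xtmpl|svn-base)$|^(code-style\.pl|Entries.*|Repository|Root|Tag"
    r"|Template|all-wcprops|entries|format)$"
)
# Assumed rule: a script extension followed by more text is a backup copy
# that the server will hand out as plain text instead of executing.
SOURCE_BACKUP = re.compile(r"\.(php\d?|phtml)[._~-]", re.I)

# Docroot-relative paths: the first five come from the post, the last two
# are constructed for contrast.
SAMPLE = [
    "bitrix/templates/als_vtb20/data.txt",
    "bitrix/templates/als_vtb20/header.php_bk20101223_1837.txt",
    "bitrix/modules/lol.webdavadm",
    "bitrix/modules/security/admin/security_panel.php",
    "bitrix/modules/corp_events/include.php",
    "bitrix/templates/als_vtb20/styles.css",
    "bitrix/modules/main/install/db.sql",
]

def findings(path):
    """Return the reasons a path should not be directly fetchable."""
    p = PurePosixPath(path)
    reasons = []
    if SOURCE_BACKUP.search(p.name):
        reasons.append("script backup served as text")
    if p.parts[:2] == ("bitrix", "modules"):
        reasons.append("inside engine modules directory")
    if p.suffix == ".txt" and "templates" in p.parts[:-1]:
        reasons.append("text file inside template directory")
    return reasons

def audit(paths):
    """Map each risky path to (reasons, denied_by_post_pattern)."""
    report = {}
    for path in paths:
        reasons = findings(path)
        if reasons:
            name = PurePosixPath(path).name
            report[path] = (reasons, bool(POST_PATTERN.search(name)))
    return report

if __name__ == "__main__":
    for path, (reasons, denied) in audit(SAMPLE).items():
        print("DENIED " if denied else "SERVED ", path, "|", "; ".join(reasons))
```

Each path taken from the post is reported as SERVED: the pattern keys on extensions and fixed file names, while these files sit in directories it does not cover.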


P.S. It is worth noting that the main VTB site was made by a different company. It also runs on Bitrix, but without blunders like the postcard site's open folders:
www.vtb.ru/bitrix/modules


Source: https://habr.com/ru/post/115914/

