Привет, во время сканирования с помощью acunetix нашел такие файлы :
https://www.********.com/web.config
<?xml version="1.0" encoding="UTF-8"?>
<!-- This file is to support redirection in IIS.
This file is harmless if you are running under Apache -->
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear /> <!-- reset other rewrite rules -->
<!-- Remove this line for secure server redirection
<rule name="Redirect to https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
Remove this line for secure server redirection -->
<rule name="Css" stopProcessing="true">
<match url="^css.php$" ignoreCase="false" />
<action type="Rewrite" url="core/css.php" />
</rule>
<rule name="Installer" stopProcessing="true">
<match url="^install/" ignoreCase="true" />
<action type="Rewrite" url="core/install/" />
</rule>
<rule name="Main Redirect" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
</conditions>
<action type="Rewrite" url="index.php?routestring={R:1}" />
</rule>
<rule name="Admincp" stopProcessing="true">
<match url="^(admincp/)$" ignoreCase="false" />
<action type="Rewrite" url="index.php?routestring={R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
https://www.********.com/htaccess.txt
<IfModule mod_rewrite.c>
RewriteEngine On
# In some cases where you have other mod_rewrite rules, you may need to remove the
# comment on the following RewriteBase line and change it to match your folder name.
# This resets the other mod_rewrite rules for just this directory
# If your site was www.example.com/forum, the setting would be /forum/
#RewriteBase /
#To redirect users to the secure version of your site, uncomment the lines below
#RewriteCond %{HTTPS} !=on
#RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
# Send css calls directly to the correct file VBV-7807
RewriteRule ^css.php$ core/css.php [NC,L]
# Redirect old install path to core.
RewriteRule ^install/ core/install/ [NC,L]
# Main Redirect
RewriteCond %{REQUEST_URI} !\.(gif|jpg|jpeg|png|css)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?routestring=$1 [L,QSA]
# Because admincp is an actual directory.
RewriteRule ^(admincp/)$ index.php?routestring=$1 [L,QSA]
</IfModule>
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE application/atom+xml \
text/javascript \
application/x-javascript \
application/javascript \
application/json \
application/rss+xml \
application/vnd.ms-fontobject \
application/x-font-ttf \
application/xhtml+xml \
application/xml \
font/opentype \
image/svg+xml \
image/x-icon \
text/css \
text/html \
text/plain \
text/x-component \
text/xml
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType application/x-javascript A1209600
ExpiresByType text/javascript A1209600
ExpiresByType application/javascript A1209600
ExpiresByType text/css A31536000
ExpiresByType image/x-icon A2592000
ExpiresByType image/icon A2592000
ExpiresByType application/x-ico A2592000
ExpiresByType application/ico A2592000
ExpiresByType image/gif A2592000
ExpiresByType image/jpeg A1209600
ExpiresByType image/jpg A1209600
ExpiresByType image/png A1209600
ExpiresByType application/x-shockwave-flash A1209600
ExpiresByType font/ttf A2592000
ExpiresByType font/otf A2592000
ExpiresByType font/x-woff A2592000
ExpiresByType image/svg+xml A2592000
ExpiresByType font/truetype A2592000
ExpiresByType font/opentype A2592000
ExpiresByType application/x-font-woff A2592000
ExpiresByType application/vnd.ms-fontobject A2592000
</IfModule>
<IfModule mod_headers.c>
Header set Connection keep-alive
<filesmatch "\.(ico|flv|gif|swf|eot|woff|otf|ttf|svg)$">
Header set Cache-Control "max-age=2592000, public"
</filesmatch>
<filesmatch "\.(jpg|jpeg|png)$">
Header set Cache-Control "max-age=1209600, public"
</filesmatch>
<filesmatch "\.(eot|woff|otf|ttf|svg)$">
Header set Cache-Control "max-age=2592000, public"
</filesmatch>
# css and js should use private for proxy caching https://developers.google.com/speed/docs/best-practices/caching#LeverageProxyCaching
<filesmatch "\.(css)$">
Header set Cache-Control "max-age=31536000, private"
</filesmatch>
<filesmatch "\.(js)$">
Header set Cache-Control "max-age=1209600, private"
</filesmatch>
</IfModule>
#don't allow some files that shouldn't really be present to be directly accessed.
#note that attachements should never be directly accessed by the webserver because
#we have permissions on the that are checked in the PHP code.
<FilesMatch "(^#.*#|\.(bak|config|dist|inc|ini|log|gz|tar|zip|sh|sql|sw[op])|~)$">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
_____________________________________
Так как пока мало разбираюсь, что тут интересного можно сделать?
https://www.********.com/web.config
<?xml version="1.0" encoding="UTF-8"?>
<!-- This file is to support redirection in IIS.
This file is harmless if you are running under Apache -->
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear /> <!-- reset other rewrite rules -->
<!-- Remove this line for secure server redirection
<rule name="Redirect to https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
</rule>
Remove this line for secure server redirection -->
<rule name="Css" stopProcessing="true">
<match url="^css.php$" ignoreCase="false" />
<action type="Rewrite" url="core/css.php" />
</rule>
<rule name="Installer" stopProcessing="true">
<match url="^install/" ignoreCase="true" />
<action type="Rewrite" url="core/install/" />
</rule>
<rule name="Main Redirect" stopProcessing="true">
<match url="^(.*)$" ignoreCase="false" />
<conditions logicalGrouping="MatchAll">
<add input="{REQUEST_FILENAME}" matchType="IsFile" ignoreCase="false" negate="true" />
<add input="{REQUEST_FILENAME}" matchType="IsDirectory" ignoreCase="false" negate="true" />
</conditions>
<action type="Rewrite" url="index.php?routestring={R:1}" />
</rule>
<rule name="Admincp" stopProcessing="true">
<match url="^(admincp/)$" ignoreCase="false" />
<action type="Rewrite" url="index.php?routestring={R:1}" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
https://www.********.com/htaccess.txt
<IfModule mod_rewrite.c>
RewriteEngine On
# In some cases where you have other mod_rewrite rules, you may need to remove the
# comment on the following RewriteBase line and change it to match your folder name.
# This resets the other mod_rewrite rules for just this directory
# If your site was www.example.com/forum, the setting would be /forum/
#RewriteBase /
#To redirect users to the secure version of your site, uncomment the lines below
#RewriteCond %{HTTPS} !=on
#RewriteRule .* https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L]
# Send css calls directly to the correct file VBV-7807
RewriteRule ^css.php$ core/css.php [NC,L]
# Redirect old install path to core.
RewriteRule ^install/ core/install/ [NC,L]
# Main Redirect
RewriteCond %{REQUEST_URI} !\.(gif|jpg|jpeg|png|css)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?routestring=$1 [L,QSA]
# Because admincp is an actual directory.
RewriteRule ^(admincp/)$ index.php?routestring=$1 [L,QSA]
</IfModule>
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE application/atom+xml \
text/javascript \
application/x-javascript \
application/javascript \
application/json \
application/rss+xml \
application/vnd.ms-fontobject \
application/x-font-ttf \
application/xhtml+xml \
application/xml \
font/opentype \
image/svg+xml \
image/x-icon \
text/css \
text/html \
text/plain \
text/x-component \
text/xml
</IfModule>
<IfModule mod_expires.c>
ExpiresActive On
ExpiresByType application/x-javascript A1209600
ExpiresByType text/javascript A1209600
ExpiresByType application/javascript A1209600
ExpiresByType text/css A31536000
ExpiresByType image/x-icon A2592000
ExpiresByType image/icon A2592000
ExpiresByType application/x-ico A2592000
ExpiresByType application/ico A2592000
ExpiresByType image/gif A2592000
ExpiresByType image/jpeg A1209600
ExpiresByType image/jpg A1209600
ExpiresByType image/png A1209600
ExpiresByType application/x-shockwave-flash A1209600
ExpiresByType font/ttf A2592000
ExpiresByType font/otf A2592000
ExpiresByType font/x-woff A2592000
ExpiresByType image/svg+xml A2592000
ExpiresByType font/truetype A2592000
ExpiresByType font/opentype A2592000
ExpiresByType application/x-font-woff A2592000
ExpiresByType application/vnd.ms-fontobject A2592000
</IfModule>
<IfModule mod_headers.c>
Header set Connection keep-alive
<filesmatch "\.(ico|flv|gif|swf|eot|woff|otf|ttf|svg)$">
Header set Cache-Control "max-age=2592000, public"
</filesmatch>
<filesmatch "\.(jpg|jpeg|png)$">
Header set Cache-Control "max-age=1209600, public"
</filesmatch>
<filesmatch "\.(eot|woff|otf|ttf|svg)$">
Header set Cache-Control "max-age=2592000, public"
</filesmatch>
# css and js should use private for proxy caching https://developers.google.com/speed/docs/best-practices/caching#LeverageProxyCaching
<filesmatch "\.(css)$">
Header set Cache-Control "max-age=31536000, private"
</filesmatch>
<filesmatch "\.(js)$">
Header set Cache-Control "max-age=1209600, private"
</filesmatch>
</IfModule>
#don't allow some files that shouldn't really be present to be directly accessed.
#note that attachements should never be directly accessed by the webserver because
#we have permissions on the that are checked in the PHP code.
<FilesMatch "(^#.*#|\.(bak|config|dist|inc|ini|log|gz|tar|zip|sh|sql|sw[op])|~)$">
Order allow,deny
Deny from all
Satisfy All
</FilesMatch>
_____________________________________
Так как пока мало разбираюсь, что тут интересного можно сделать?
