|
|
|
|
|
|
by komali2
1087 days ago
|
|
|
Isn't setting correct permissions for www-data like, the first note in a bunch of "secure your web server" tutorials? I thought if read is only set for the directory with actual public files, and not for the parent directory, there should be no traversal possible like this? |
|
|
It is indeed. And yet here we are.