• I have the premium version and so far support has been unable to help.
    I am not with a cheap host or anything where I am restricted in terms of settings and so on.
    If an s2member (free or paid) website can check the following:

    – Is your download file protected? I do not mean the URL that includes the ? with it, I mean the direct link, i.e. /plugins/s2member-files/ even if it's a ccap folder.

    Check if you can download it without being logged in (use a different browser or clear cookies first).

    So far support has given no solution (1 week now).

    https://www.ads-software.com/plugins/s2member/
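An added reachability check for exactly the test the original post asks other users to run. This is example code written for this page, not the poster's script and not part of s2Member. It assumes the plugin's default protected directory /wp-content/plugins/s2member-files/ (the only path the thread names) and takes the site URL and file name from the command line; the fetcher is injectable so the classification logic can be exercised offline with constructed responses.

```python
"""Anonymous reachability check for a file in s2Member's protected directory.

Fetches two URLs with no cookies and without following redirects:
the direct path under /wp-content/plugins/s2member-files/ (which the web
server should refuse) and the plugin's ?s2member_file_download= route
(which should redirect or deny an anonymous visitor).
"""
import sys
import urllib.error
import urllib.request
from urllib.parse import quote

# Assumed layout from the thread: the plugin's protected directory lives
# under wp-content/plugins. Adjust if your install relocates it.
PROTECTED_DIR = "/wp-content/plugins/s2member-files/"


def candidate_urls(site: str, filename: str) -> dict:
    """Build the direct URL and the plugin-routed URL for one file."""
    site = site.rstrip("/")
    return {
        "direct": f"{site}{PROTECTED_DIR}{quote(filename)}",
        "route": f"{site}/?s2member_file_download={quote(filename)}",
    }


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Turn every redirect into an HTTPError so we see the 30x itself."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch(url: str) -> tuple:
    """Anonymous GET: no cookie jar, no credentials, redirects not followed.

    Returns (status, content_type, first_bytes).
    """
    opener = urllib.request.build_opener(_NoRedirect)
    req = urllib.request.Request(url, headers={"User-Agent": "s2m-direct-check/1.0"})
    try:
        with opener.open(req, timeout=15) as resp:
            return resp.status, resp.headers.get("Content-Type", ""), resp.read(4)
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Content-Type", ""), b""


def classify(status: int, content_type: str, head: bytes) -> str:
    """Decide what an anonymous client actually got back."""
    if status == 200:
        # A 200 whose body starts with the ZIP magic is the file itself,
        # whatever Content-Type the server claims.
        if head.startswith(b"PK"):
            return "LEAK"
        if content_type.split(";")[0].strip().lower() == "text/html":
            return "HTML"  # e.g. a login page rendered in place of the file
        return "LEAK"
    if status in (301, 302, 303, 307, 308):
        return "REDIRECT"
    if status in (401, 403, 404):
        return "BLOCKED"
    return f"UNEXPECTED_{status}"


def check(site: str, filename: str, fetcher=fetch) -> dict:
    """Classify both URLs; `fetcher` is injectable so the logic can be tested offline."""
    return {
        kind: classify(*fetcher(url))
        for kind, url in candidate_urls(site, filename).items()
    }


def is_vulnerable(results: dict) -> bool:
    """The finding in the thread: the direct path serves the file to anyone."""
    return results["direct"] == "LEAK"


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} https://example.com example-file.zip")
    outcome = check(sys.argv[1], sys.argv[2])
    for kind, verdict in outcome.items():
        print(f"{kind:6s} {verdict}")
    print("VULNERABLE: direct URL is public" if is_vulnerable(outcome) else "OK")
```

Run it from a machine that holds no session for the site. A BLOCKED (403/404) verdict on the direct URL means the web server's own directory rule is in front of the file; a LEAK means the server hands the file to anyone and no plugin-level setting can change that, because the plugin never sees a request for a static path. On Apache that rule is the .htaccess inside s2member-files, which only takes effect when AllowOverride permits it and the file is readable by the server process; nginx ignores .htaccess entirely and needs an equivalent location block.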

Viewing 8 replies - 1 through 8 (of 8 total)
  • I have just answered a similar question (presumably from you) on s2Member’s own forum. Now I find this here! Why you have to ask the same question in two places is beyond me.

    It’s also beyond me why you don’t follow the instructions given for protecting file downloads and then claim that there is a vulnerability!

    I have hundreds of files protected by s2Member, and they all work perfectly! But, then again, I did bother to read the instructions.

    Thread Starter Appears-Appears

    (@appears-appears)

    KTS!

    Different audiences, different forum.

    I have read the instructions.

    Read my post again.

    The file is in the protected directory but can still be accessed publicly. If I use the /?s2member_file_download=example-file.zip it protects the file from non-members (i.e. public) but the actual link /s2member-files/example-file.zip is accessible by everyone.

    Both things you referred to do not solve this issue.

    So what you’re saying is that if you do it right, it works, but if you do it wrong it doesn’t!

    Well, who’d have thought it?!

    Thread Starter Appears-Appears

    (@appears-appears)

    I don’t think you understand…

    – When a user registers they can easily tell it's WordPress and the s2member plugin from the download link

    – They can easily work out the file directory (wp-content/plugins/s2member-files/any-ccap-files/xx.zip)

    This means they can share the link with unlimited access to any non-user or user.

    Then you have a theme or plugin conflict.

    Thread Starter Appears-Appears

    (@appears-appears)

    I’ve disabled all themes and plugins.

    Still does it… hence I am asking other users to check.

    … and I’m another user who’s checked. I’ve even tried a seriously out-of-date browser just for the heck of it. And I’m redirected as expected every time, even when I use the direct URL.

    The problem is on your site, I’m afraid. There’s obviously something going on there which is specific to you. That’s why the s2Member support team can’t help. I suspect that they can’t reproduce it any more than I can.

    So you need to talk to your host or pay a developer to help you.

    Thread Starter Appears-Appears

    (@appears-appears)

    Okay, so I (think) it is sorted.

    – Turned off the firewall in WPSecurity Plugin
    – Turned off the brute force and IP restrictions in S2member (Restriction options)
    – Checked the .htaccess in the root folder and in the s2member-files/ folder and neither had execute permissions. Updated them to have execute permission.

    Seems to have fixed it, will check it again and see.

  • The topic ‘Vulnerability for direct file downloads’ is closed to new replies.