If I configure an .htaccess
file like this :
RewriteEngine On
RewriteRule ^([^/]*)$ /view.php?key=$1 [L]
Which transforms:
original URL http://www.example.com/view.php?key=123
rewritten URL http://www.example.com/123
Is there any way for an attacker to find the real PHP file (here view.php
) and directly access it (in the URL bar)?
Considering URL-bruteforce is not an option, nor .htaccess
reading.