Filezilla

By kannthu

Medium
Vidoc Module

#exposure #files
Description

What is Filezilla?

Filezilla is software that lets users transfer files between their local computer and a remote server. This module focuses on detecting vulnerabilities in Filezilla installations, specifically Filezilla XML files that are reachable over HTTP.

Severity: medium

Author: amsda

Impact

A vulnerability detected in Filezilla could expose sensitive files and data to unauthorized access. This can lead to data breaches, unauthorized modifications, and other security risks.

How does the module work?

This module works by sending HTTP requests to specific paths in the Filezilla installation. It checks each response against the matching conditions listed below to determine if a vulnerability exists.

Example HTTP request:

GET /filezilla.xml

The module uses the following matching conditions:

- The response body must contain the words "<FileZilla" and "<Servers>".
- The response headers must contain the word "xml".
- The response status code must be 200.

If all of these conditions are met, the module reports a vulnerability in the Filezilla installation.

Note: This module only detects vulnerabilities and does not perform any modifications or fixes.
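
The three matching conditions above, applied to constructed responses, together with a defender-side sweep of a served directory for files that would satisfy the body condition. This is an added example, not Vidoc's module code; the function names, the case-sensitive substring matching, and all sample data are assumptions.

```python
import os
import tempfile

BODY_WORDS = ("<FileZilla", "<Servers>")  # both must appear in the body
HEADER_WORD = "xml"                        # must appear somewhere in the headers

def module_matches(status, headers, body):
    """Apply the page's three conditions; all of them must hold (AND)."""
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items())
    return (status == 200
            and HEADER_WORD in header_blob
            and all(word in body for word in BODY_WORDS))

def audit_webroot(root):
    """Defender check: list files under a served directory whose content
    carries both body markers, whatever the file happens to be called."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "r", encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            except OSError:
                continue  # unreadable file: skip it, keep auditing the rest
            if all(word in text for word in BODY_WORDS):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

# Constructed sample data (not real responses, hosts or credentials).
SAMPLE_XML = ('<?xml version="1.0"?>\n<FileZilla3>\n  <Servers>\n'
              '    <Server><Host>ftp.example.invalid</Host></Server>\n'
              '  </Servers>\n</FileZilla3>\n')
SOFT_404 = "<html><body>Page not found: <FileZilla help</body></html>"

def demo():
    exposed = module_matches(200, {"Content-Type": "application/xml"}, SAMPLE_XML)
    soft404 = module_matches(200, {"Content-Type": "text/html"}, SOFT_404)
    blocked = module_matches(403, {"Content-Type": "application/xml"}, SAMPLE_XML)
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "backup"))
        with open(os.path.join(root, "backup", "sitemanager.xml"), "w") as fh:
            fh.write(SAMPLE_XML)
        with open(os.path.join(root, "index.html"), "w") as fh:
            fh.write(SOFT_404)
        found = audit_webroot(root)
    return exposed, soft404, blocked, found

if __name__ == "__main__":
    print(demo())
```

A file that `audit_webroot` reports is one the module would flag if the web server returns it with status 200 and an XML content type, so it should be moved out of the served directory or blocked at the server.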

Module preview

Concurrent Requests (1)

1. HTTP Request template

GET /filezilla.xml, /sitemanager.xml, /FileZilla.xml

Matching conditions

- word: <FileZilla, <Servers>
- and word: xml
- and status: 200

Passive global matcher

No matching conditions.

On match action

Report vulnerability