By kannthu
The "FTP credentials exposure" module is designed to detect instances where FTP credentials are exposed. It targets the FTPSync software and has a medium severity level. The original author of this module is pikpikcu.
If FTP credentials are exposed, attackers can use them to gain unauthorized access to FTP servers and to the sensitive information stored there, potentially compromising the integrity and confidentiality of that data.
The "FTP credentials exposure" module works by sending an HTTP GET request to the "/ftpsync.settings" path. It then applies matching conditions to determine if FTP credentials are exposed. The module checks if the response body contains specific keywords such as "FTPSync", "overwrite_newer_prevention", and "default_folder_permissions". Additionally, it verifies that the response status code is 200.
By analyzing the response, the module can identify instances where FTP credentials are exposed in the FTPSync software configuration. If the matching conditions are met, the module will report a vulnerability.
Here is an example of an HTTP request sent by the module:
GET /ftpsync.settings
The module applies the following matching conditions:
- The response body must contain the keywords "FTPSync", "overwrite_newer_prevention", and "default_folder_permissions".
- The response status code must be 200.

If both conditions are met, the module will identify the presence of FTP credentials exposure.
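
The two matching conditions above can be turned into a pre-deployment check on your own web root. The following is an added example, not the module's own code: the names `module_would_match`, `audit_webroot`, `demo` and the sample file content are assumptions made for illustration. It goes slightly beyond the module by also flagging renamed or nested copies of the file anywhere under the document root.

```python
import os
import tempfile

# Body keywords and status code the module requires (taken from the page).
MARKERS = ("FTPSync", "overwrite_newer_prevention", "default_folder_permissions")

def module_would_match(status, body):
    """True only when the status is 200 AND all three keywords are in the body."""
    return status == 200 and all(marker in body for marker in MARKERS)

def audit_webroot(root, max_bytes=1_000_000):
    """List files under root that would satisfy the matcher if the server returned them.

    Flags by file name as well as by content, so renamed copies are also caught.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    body = fh.read(max_bytes)
            except OSError:
                continue  # unreadable file: skip it rather than abort the audit
            if name == "ftpsync.settings" or module_would_match(200, body):
                hits.append(os.path.relpath(path, root).replace(os.sep, "/"))
    return sorted(hits)

# Constructed sample content, not a real FTPSync file; credentials are placeholders.
SAMPLE_SETTINGS = """// FTPSync settings (constructed sample)
{ "host": "ftp.example.invalid", "username": "USER_PLACEHOLDER",
  "password": "PASSWORD_PLACEHOLDER",
  "overwrite_newer_prevention": true, "default_folder_permissions": "755" }
"""

def demo():
    """Build a throwaway web root and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "backup"))
        samples = {"index.html": "<h1>ok</h1>", "ftpsync.settings": SAMPLE_SETTINGS,
                   os.path.join("backup", "old.bak"): SAMPLE_SETTINGS}
        for rel, text in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(text)
        return audit_webroot(root)

if __name__ == "__main__":
    print(demo())
```

Any path this returns should be removed from the published tree or blocked at the web server, and the credentials it contains should be rotated.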