Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

ProFTPD Config file disclosure

By kannthu

Low
Vidoc logoVidoc Module
#config#exposure#proftpd
Description

What is the "ProFTPD Config file disclosure?"

The "ProFTPD Config file disclosure" module is designed to detect a specific misconfiguration in the ProFTPD software. ProFTPD is an open-source FTP server software commonly used on Unix-like operating systems. This module focuses on identifying a vulnerability related to the exposure of the ProFTPD configuration file.

The severity of this vulnerability is classified as low, indicating that it may not pose a significant risk but should still be addressed to ensure the security of the server.

This module was authored by sheikhrishad.

Impact

If the ProFTPD configuration file is exposed, it can potentially reveal sensitive information about the server's setup and configuration. This information could be exploited by attackers to gain unauthorized access or gather intelligence for further attacks.

How does the module work?

The "ProFTPD Config file disclosure" module operates by sending an HTTP GET request to the "/proftpd.conf" path on the target server. It then applies matching conditions to determine if the ProFTPD configuration file is exposed.

The matching conditions used in this module are:

- Word Matcher: The module checks if the response body contains the words "ProFTPD" and "ServerName". This helps identify if the configuration file is present. - Status Matcher: The module verifies if the HTTP response status is 200, indicating a successful request. This confirms that the configuration file is accessible.

By combining these matching conditions, the module can accurately detect if the ProFTPD configuration file is disclosed.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/proftpd.conf
Matching conditions
word: ProFTPD, ServerNameand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability