By kannthu
The "Thumbs DB Disclosure" module is designed to detect the presence of Thumbs.db files on a target system. Thumbs.db files are generated by Windows operating systems to store thumbnail images of the contents of a folder. The module identifies cases where such a file has been left exposed on the target.
This module has an informative severity level, meaning it provides valuable information without indicating a critical vulnerability or misconfiguration.
The exposure of Thumbs.db files can potentially reveal sensitive information about the contents of a folder, including file names and image previews. This information could be exploited by attackers to gain insights into the target system's file structure and potentially identify valuable targets for further exploitation.
The "Thumbs DB Disclosure" module works by sending a GET request to the "/Thumbs.db" path on the target system. It then applies two matching conditions to determine if the Thumbs.db file is present:
If both matching conditions are met, the module reports the finding, indicating the presence of a Thumbs.db file on the target system.
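To find these files on your own side before a scanner does, the added example below (not Vidoc's module code) walks a local web document root and lists every Thumbs.db with the URL path at which it would be served. It assumes the directory is published as-is and that a genuine thumbnail cache starts with the OLE compound-file signature; `find_thumbs_db` and `build_sample_root` are hypothetical names, and the sample files are constructed.

```python
import os
import tempfile

# OLE2 compound-file signature; Thumbs.db is stored in this container format.
CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")

def find_thumbs_db(web_root):
    """Return sorted (url_path, is_real_cache) pairs for Thumbs.db files under web_root.

    url_path is the path a client would request if web_root is served as-is.
    is_real_cache is True when the file starts with the compound-file signature.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(web_root):
        for name in filenames:
            # Windows file names are case-insensitive, so match any casing.
            if name.lower() != "thumbs.db":
                continue
            full = os.path.join(dirpath, name)
            try:
                with open(full, "rb") as fh:
                    header = fh.read(len(CFB_MAGIC))
            except OSError:
                header = b""  # unreadable: still reported, signature unknown
            rel = os.path.relpath(full, web_root).replace(os.sep, "/")
            findings.append(("/" + rel, header == CFB_MAGIC))
    return sorted(findings)

def build_sample_root(root):
    """Populate root with a constructed sample document tree for the demonstration."""
    os.makedirs(os.path.join(root, "images", "staff"))
    # Constructed file: signature plus padding, not a real thumbnail cache.
    with open(os.path.join(root, "Thumbs.db"), "wb") as fh:
        fh.write(CFB_MAGIC + b"\x00" * 504)
    # Constructed placeholder: matching name, no compound-file header.
    with open(os.path.join(root, "images", "staff", "thumbs.DB"), "wb") as fh:
        fh.write(b"placeholder")
    with open(os.path.join(root, "images", "logo.png"), "wb") as fh:
        fh.write(b"\x89PNG\r\n\x1a\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for url_path, real in find_thumbs_db(build_sample_root(tmp)):
            print(url_path, "compound-file header" if real else "name match only")
```

Files flagged with a compound-file header carry real thumbnail data and should be removed from the published tree; name-only matches are worth deleting too, since they still trigger a path-based check.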