Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Thumbs DB Disclosure

By kannthu

Informative
Vidoc logoVidoc Module
#exposure#files
Description

What is the "Thumbs DB Disclosure?"

The "Thumbs DB Disclosure" module is designed to detect the presence of Thumbs.db files on a target system. Thumbs.db files are generated by Windows operating systems to store thumbnail images of the contents of a folder. This module focuses on identifying any misconfigurations or vulnerabilities related to the exposure of Thumbs.db files.

This module has an informative severity level, meaning it provides valuable information without indicating a critical vulnerability or misconfiguration.

Impact

The exposure of Thumbs.db files can potentially reveal sensitive information about the contents of a folder, including file names and image previews. This information could be exploited by attackers to gain insights into the target system's file structure and potentially identify valuable targets for further exploitation.

How the module works?

The "Thumbs DB Disclosure" module works by sending a GET request to the "/Thumbs.db" path on the target system. It then applies two matching conditions to determine if the Thumbs.db file is present:

    - The module checks if the response body of the GET request contains the binary signature "D0CF11E0A1B11AE1". This signature is specific to Thumbs.db files and helps identify their presence. - The module also verifies if the response status code is 200, indicating a successful request. This ensures that the Thumbs.db file is accessible and can be potentially exposed.

If both matching conditions are met, the module reports the vulnerability, indicating the presence of Thumbs.db files on the target system.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/Thumbs.db
Matching conditions
binary: D0CF11E0A1B11AE1and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability