Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "VSCode SFTP File Exposure" module is designed to detect a vulnerability in the VSCode SFTP extension. This module targets the sensitive files created by the extension, which may contain SFTP/SSH server details and credentials. The severity of this vulnerability is classified as high.
Author: geeknik
If exploited, this vulnerability could expose sensitive information, such as server details and credentials, to unauthorized individuals. This could potentially lead to unauthorized access to the SFTP/SSH server and compromise the security of the system.
The module works by sending HTTP requests to specific paths, including "/sftp.json", "/.config/sftp.json", and "/.vscode/sftp.json". It then applies matching conditions to determine if the sensitive information is exposed.
Example HTTP request:
GET /sftp.json
The module uses the following matching conditions:
- The response body must contain the words "name", "host", and "protocol". - The response header must contain the word "application/json". - The response status code must be 200.If all the matching conditions are met, the module reports the vulnerability.
Metadata
verified: true
shodan-query: html:"sftp.json"