Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "WS FTP File Disclosure" module is designed to detect a specific vulnerability in the WS FTP software. This vulnerability allows unauthorized access to sensitive files stored on the FTP server. The severity of this vulnerability is classified as low.
This module was authored by Hardik-Solanki.
If exploited, the "WS FTP File Disclosure" vulnerability can lead to the exposure of sensitive information stored on the FTP server. This includes log files that may contain valuable data such as login credentials, IP addresses, and file transfer details. Attackers can leverage this information for further malicious activities, such as unauthorized access or targeted attacks.
The "WS FTP File Disclosure" module works by sending HTTP requests to the target server and analyzing the responses. It looks for specific patterns in the response body to identify the presence of sensitive log files. The module checks for two possible file paths: "/ws_ftp.log" and "/WS_FTP.LOG".
The module uses two matching conditions to confirm the presence of the vulnerability. First, it checks if the response status code is 200, indicating a successful request. Second, it applies a regular expression pattern match to identify specific date and time patterns followed by drive letters (C:\ or D:\) in the response body.
Here is an example of an HTTP request sent by the module:
GET /ws_ftp.log HTTP/1.1
Host: [target server]
If both matching conditions are met, the module reports the vulnerability, allowing further investigation and remediation.
It is important to note that this module is part of the Vidoc platform, which utilizes multiple modules to perform comprehensive scanning and testing for various vulnerabilities, misconfigurations, and software identification.