Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

WS FTP File Disclosure

By kannthu

Low
Vidoc logoVidoc Module
#exposure#ftp#files
Description

WS FTP File Disclosure

What is the "WS FTP File Disclosure?"

The "WS FTP File Disclosure" module is designed to detect a specific vulnerability in the WS FTP software. This vulnerability allows unauthorized access to sensitive files stored on an FTP server. The severity of this vulnerability is classified as low.

This module was authored by DhiyaneshDK.

Impact

If exploited, the WS FTP File Disclosure vulnerability can lead to the exposure of sensitive information stored on the FTP server. This includes details such as the host, user ID, and directory information.

How does the module work?

The module works by sending an HTTP GET request to the server, targeting the "/ws_ftp.ini" file. It then applies matching conditions to determine if the vulnerability is present.

The matching conditions for this module are as follows:

- The response body must contain the words "HOST=", "UID=", and "DIR=". - The HTTP response status code must be 200.

If both conditions are met, the module will report the vulnerability.

Example HTTP request:

GET /ws_ftp.ini

Note: The above example is a simplified representation of the HTTP request and does not include headers or other details.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/ws_ftp.ini
Matching conditions
word: HOST=, UID=, DIR=and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability