Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "WS FTP File Disclosure" module is designed to detect a specific vulnerability in the WS FTP software. This vulnerability allows unauthorized access to sensitive files stored on an FTP server. The severity of this vulnerability is classified as low.
This module was authored by DhiyaneshDK.
If exploited, the WS FTP File Disclosure vulnerability can lead to the exposure of sensitive information stored on the FTP server. This includes details such as the host, user ID, and directory information.
The module works by sending an HTTP GET request to the server, targeting the "/ws_ftp.ini" file. It then applies matching conditions to determine if the vulnerability is present.
The matching conditions for this module are as follows:
- The response body must contain the words "HOST=", "UID=", and "DIR=". - The HTTP response status code must be 200.If both conditions are met, the module will report the vulnerability.
Example HTTP request:
GET /ws_ftp.ini
Note: The above example is a simplified representation of the HTTP request and does not include headers or other details.