WS FTP File Disclosure

ID: ws-ftp-log

Severity: low

Author: Hardik-Solanki

Tags: exposure,ftp,logs

Description

WS_FTP software, which is a popular FTP (File Transfer Protocol) client used for transferring files between a local computer and a remote server has its log file exposed.

YAML Source

id: ws-ftp-log

info:
  name: WS FTP File Disclosure
  author: Hardik-Solanki
  severity: low
  description: WS_FTP software, which is a popular FTP (File Transfer Protocol) client used for transferring files between a local computer and a remote server has its log file exposed.
  classification:
    cpe: cpe:2.3:a:ipswitch:ws_ftp:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: ipswitch
    product: ws_ftp
    google-query: intitle:"Index of" ws_ftp.log
  tags: exposure,ftp,logs

http:
  - method: GET
    path:
      - '{{BaseURL}}/ws_ftp.log'
      - '{{BaseURL}}/WS_FTP.LOG'

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - '\d{4}\.\d{2}\.\d{2} \d{2}:\d{2} [A-Z] C:\\'
          - '\d{4}\.\d{2}\.\d{2} \d{2}:\d{2} [A-Z] D:\\'
        condition: or

      - type: status
        status:
          - 200
# digest: 4a0a0047304502210092dbff3194b42fdf988ca614801487442f1870d168d97b10ebceb4b12141495a02202aea74d457a5f15cdb439c843a88de60efd5d4fd33639bb34578b48a8fdee517:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "http/exposures/logs/ws-ftp-log.yaml"

View on Github