Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Full-Disclosure] ws_ftp.log
From: Ill will (xillwillxgmail.com)
Date: Sun Aug 15 2004 - 09:59:09 CDT
hi wlecome to 1998
On Sun, 15 Aug 2004 05:19:02 -0700 (PDT), Gaurang Pandya
> WS_FTP is a popular & feature rich ftp client. It
> makes upload/download as easy as drag & drop. But
> mostly peoples using this forget that it creates a log
> file with name ws_ftp.log. This file holds sensitive
> data such as file source/destination and file name,
> date/time of upload etc., People when use this to
> upload files to their website, never know that along
> with other files even ws_ftp.log file also gets
> uploaded to the webserver, making it globally
> One can find thousands of ws_ftp.log files with a
> quick google search as follows,
> now people might use extensive google search to find
> files that have got copied to web server recently with
> following query, which will show you what files
> actually got copied in Auguts 2004, because its likely
> that those files will still be in there in web server.
> An attacker has a look at cached google page (without
> actually hitting the target & leaving traces at
> webserver logs) and quickly finds out some vital
> informations such as,
> 1. Exact location of file in web server (i.e.,
> /usr/local/www/test/abc.htm instead of
> 2. It some times also gives user names(in case where
> web master gives each user a directory to host their
> websites), which later can be used with brute
> force/dictonary attack to gain access to web server.
> 3. It makes it easy to find/download vulnerable
> scripts or classes in a website, with again just a
> google search, as given below. Which otherwise can be
> found by viewing source of html file. Which can later
> be use to attack the host.
> Other than that it also (sometimes) gives internal
> hostname/ip address of webserver.
> Please remove ws_ftp.log file from website after data
> movement, and webmasters are requested to scan/remove
> such files from webserver (in case files are uploaded
> by some one else). Which can easily be done by a cron
> Special Thanks to:
> Johnny Long (http://johnny.ihackstuff.com) for his
> wonderful work of "The Google Hacker�s Guide
> Understanding and Defending Against
> the Google Hacker"
> Thanks & Regards,
> Do you Yahoo!?
> Yahoo! Mail - 50x more storage than other providers!
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
Full-Disclosure - We believe in it.