hi wlecome to 1998
On Sun, 15 Aug 2004 05:19:02 -0700 (PDT), Gaurang Pandya <[EMAIL PROTECTED]> wrote: > Hi, > > WS_FTP is a popular & feature rich ftp client. It > makes upload/download as easy as drag & drop. But > mostly peoples using this forget that it creates a log > file with name ws_ftp.log. This file holds sensitive > data such as file source/destination and file name, > date/time of upload etc., People when use this to > upload files to their website, never know that along > with other files even ws_ftp.log file also gets > uploaded to the webserver, making it globally > accessible. > > One can find thousands of ws_ftp.log files with a > quick google search as follows, > > http://www.google.com/search?hl=en&ie=UTF-8&q=inurl%3Aws_ftp.log > > now people might use extensive google search to find > files that have got copied to web server recently with > following query, which will show you what files > actually got copied in Auguts 2004, because its likely > that those files will still be in there in web server. > > http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=2004.08+inurl%3Aws_ftp.log+&btnG=Search > > An attacker has a look at cached google page (without > actually hitting the target & leaving traces at > webserver logs) and quickly finds out some vital > informations such as, > > 1. Exact location of file in web server (i.e., > /usr/local/www/test/abc.htm instead of > www.web.dom/test/abc.htm). > > 2. It some times also gives user names(in case where > web master gives each user a directory to host their > websites), which later can be used with brute > force/dictonary attack to gain access to web server. > > 3. It makes it easy to find/download vulnerable > scripts or classes in a website, with again just a > google search, as given below. Which otherwise can be > found by viewing source of html file. Which can later > be use to attack the host. > > http://www.google.com/search?hl=en&lr=&ie=UTF-8&q=class+2004.08+inurl%3Aws_ftp.log+ > > Other than that it also (sometimes) gives internal > hostname/ip address of webserver. > > Recommendation: > Please remove ws_ftp.log file from website after data > movement, and webmasters are requested to scan/remove > such files from webserver (in case files are uploaded > by some one else). Which can easily be done by a cron > job. > > Special Thanks to: > Johnny Long (http://johnny.ihackstuff.com) for his > wonderful work of "The Google Hackerïs Guide > Understanding and Defending Against > the Google Hacker" > > Thanks & Regards, > > Gaurang. > http://www.geocities.com/gaurangpandya/ > > __________________________________ > Do you Yahoo!? > Yahoo! Mail - 50x more storage than other providers! > http://promotions.yahoo.com/new_mail > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > -- - illwill http://illmob.org _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
