WS_FTP Log Found

Description

Kayran has detected a WS_FTP.LOG, which is a file created when using an FTP client called WS_FTP.
When people use WS_FTP to upload files to their website, they sometimes forget that, along with other files, WS_FTP.LOG file may be uploaded to the webserver, which makes it accessible and visible to anyone.

Since this file contain sensitive information regarding file meant to be hidden and their locations and directories found on the web root, as well as information about usernames and hostnames used in the site to enact certain actions.
In short, such vulnerability may lead to Information Disclosure, assisting attackers to conduct attacks against your assets.

Recommendation

Make sure this file, and other similar ones, are being either removed from your site. If removing them is not optional, access to them should be limited to authorized persons only.

References

https://cwe.mitre.org/data/definitions/200.html

< Return to all Vulnerabilities

Blue Team

We’ve talked about The Red Team before, but what about The Blue Team? How is this group different from the red one? Why would we

Read More »

Man-In-The-Middle Attacks

Do you know these people who just push themselves into conversations?That’s Man-In-The-Middle Attacks. And from a wider angle, Man-In-The-Middle Attacks, or MITM, are built around

Read More »