WS_FTP Log Found

Description

Kayran has detected a WS_FTP.LOG, which is a file created when using an FTP client called WS_FTP.
When people use WS_FTP to upload files to their website, they sometimes forget that, along with other files, WS_FTP.LOG file may be uploaded to the webserver, which makes it accessible and visible to anyone.

Since this file contain sensitive information regarding file meant to be hidden and their locations and directories found on the web root, as well as information about usernames and hostnames used in the site to enact certain actions.
In short, such vulnerability may lead to Information Disclosure, assisting attackers to conduct attacks against your assets.

Recommendation

Make sure this file, and other similar ones, are being either removed from your site. If removing them is not optional, access to them should be limited to authorized persons only.

References

https://cwe.mitre.org/data/definitions/200.html

< Return to all Vulnerabilities

The Cloud

I’m pretty sure there isn’t a single adult in the world who hasn’t at least heard of The Cloud. Explaining “The Cloud” in 2022 may

Read More »

Crossing Scripts – XSS

Injections. SQL Injections. Cross-site Scripting (hence the amazing title “Crossing Scripts – XSS”). There all sorts of Injection-Based attacks, if you want to read about

Read More »