lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: se_cur_ity at hotmail.com (morning_wood)
Subject: ws_ftp.log

your serious??
this issue has been arround for about 10 years...
try googling "ws_ftp.ini" where you can simply drop the
ini in your ws_ftp folder, convert the hashes or import into your
favorite ftp client that supports ws_ftp.ini style format.


m.wood

----- Original Message ----- 
From: "Gaurang Pandya" <gaubrig@...oo.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Sunday, August 15, 2004 5:19 AM
Subject: [Full-Disclosure] ws_ftp.log


> Hi,
> 
> WS_FTP is a popular & feature rich ftp client. It
> makes upload/download as easy as drag & drop. But
> mostly peoples using this forget that it creates a log
> file with name ws_ftp.log. This file holds sensitive
> data such as file source/destination and file name,
> date/time of upload etc., People when use this to
> upload files to their website, never know that along
> with other files even ws_ftp.log file also gets
> uploaded to the webserver, making it globally
> accessible.
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ