| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Chamby at matsu.alaska.edu (Hamby, Charles D.) Subject: ws_ftp.log Cut the guy a little slack, Wood. Yeah, it's been around forever and a day, but maybe his e-mail will cause someone reading it to go looking in their Enterprise for it and find some moron webmaster using it on an Internet-facing server. If so, he did some good. Relax. -----Original Message----- From: full-disclosure-admin@...ts.netsys.com on behalf of morning_wood Sent: Sun 8/15/2004 8:05 AM To: Gaurang Pandya; full-disclosure@...ts.netsys.com Subject: Re: [Full-Disclosure] ws_ftp.log your serious?? this issue has been arround for about 10 years... try googling "ws_ftp.ini" where you can simply drop the ini in your ws_ftp folder, convert the hashes or import into your favorite ftp client that supports ws_ftp.ini style format. m.wood ----- Original Message ----- From: "Gaurang Pandya" <gaubrig@...oo.com> To: <full-disclosure@...ts.netsys.com> Sent: Sunday, August 15, 2004 5:19 AM Subject: [Full-Disclosure] ws_ftp.log > Hi, > > WS_FTP is a popular & feature rich ftp client. It > makes upload/download as easy as drag & drop. But > mostly peoples using this forget that it creates a log > file with name ws_ftp.log. This file holds sensitive > data such as file source/destination and file name, > date/time of upload etc., People when use this to > upload files to their website, never know that along > with other files even ws_ftp.log file also gets > uploaded to the webserver, making it globally > accessible. > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists