Message-ID: <A82970EA8CB06C4C8E8F9CF2D429019388771F@msc005.msc.local>
From: Chamby at matsu.alaska.edu (Hamby, Charles D.)
Subject: ws_ftp.log 

Cut the guy a little slack, Wood.  Yeah, it's been around forever and a day, but maybe his e-mail will cause someone reading it to go looking in their Enterprise for it and find some moron webmaster using it on an Internet-facing server.  If so, he did some good. Relax.




-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com on behalf of morning_wood
Sent: Sun 8/15/2004 8:05 AM
To: Gaurang Pandya; full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] ws_ftp.log 
 
your serious??
this issue has been arround for about 10 years...
try googling "ws_ftp.ini" where you can simply drop the
ini in your ws_ftp folder, convert the hashes or import into your
favorite ftp client that supports ws_ftp.ini style format.


m.wood

----- Original Message ----- 
From: "Gaurang Pandya" <gaubrig@...oo.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Sunday, August 15, 2004 5:19 AM
Subject: [Full-Disclosure] ws_ftp.log


> Hi,
> 
> WS_FTP is a popular & feature rich ftp client. It
> makes upload/download as easy as drag & drop. But
> mostly peoples using this forget that it creates a log
> file with name ws_ftp.log. This file holds sensitive
> data such as file source/destination and file name,
> date/time of upload etc., People when use this to
> upload files to their website, never know that along
> with other files even ws_ftp.log file also gets
> uploaded to the webserver, making it globally
> accessible.
> 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Powered by blists - more mailing lists