exposed-filezilla-config: Exposed FileZilla Configuration File - Exposure

Date: 2026-01-27 | Affected software: filezilla | PoC: public

Vulnerability description

Detected publicly accessible FileZilla client configuration files (sitemanager.xml, recentservers.xml, filezilla.xml).

PoC code [public]

id: exposed-filezilla-config

info:
  name: Exposed FileZilla Configuration File - Exposure
  author: pussycat0x
  severity: medium
  description: |
    Detected publicly accessible FileZilla client configuration files (sitemanager.xml, recentservers.xml, filezilla.xml).
  reference:
    - https://wiki.filezilla-project.org/Xml_files
  metadata:
    verified: true
    max-request: 4
  tags: exposure,config,filezilla,ftp

http:
  - method: GET
    path:
      - "{{BaseURL}}/files/FileZilla.xml"
      - "{{BaseURL}}/recentservers.xml"
      - "{{BaseURL}}/filezilla.xml"

    stop-at-first-match: true

    matchers:
      - type: dsl
        dsl:
          - "status_code == 200"
          - "contains_all(body, '<filezilla','<User>','<Pass>','<Logontype>')"
        condition: and
# digest: 4a0a00473045022100f7bbe2626fb06af008326f83be31eaefe18e28d8dce7537fe50c5e2246b8e30a02203edcf3b90aa6c8086fc1b64ea0126caeb3482cce80e15041289837545176226b:922c64590222798bb761d5b6d8e72950
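
A defender-side counterpart to the template above, added here as an example (it is not part of the original page or the template author's code): it walks a local web root for the file names the description lists and reports which saved entries store a password, without printing the password itself. The function names, the sample XML and the assumption that each saved site is a `<Server>` element with `<Host>`, `<User>` and `<Pass>` children are assumptions of this example.

```python
import os
import xml.etree.ElementTree as ET

# File names from the page's description, compared case-insensitively.
CONFIG_NAMES = {"sitemanager.xml", "recentservers.xml", "filezilla.xml"}

# Constructed sample containing the tags the template's matcher looks for.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<filezilla><Servers>
  <Server><Host>ftp.example.test</Host><User>deploy</User>
    <Pass>not-a-real-password</Pass><Logontype>1</Logontype></Server>
  <Server><Host>files.example.test</Host><User>anonymous</User>
    <Logontype>0</Logontype></Server>
</Servers></filezilla>"""


def stored_credentials(xml_data):
    """Return (host, user) for every Server entry that stores a non-empty Pass."""
    try:
        root = ET.fromstring(xml_data)
    except ET.ParseError:
        return []  # not XML at all, e.g. an HTML error page
    if not root.tag.lower().startswith("filezilla"):
        return []  # some other XML document that happens to share the name
    found = []
    for server in root.iter("Server"):
        if (server.findtext("Pass") or "").strip():
            found.append((server.findtext("Host", ""), server.findtext("User", "")))
    return found


def audit_webroot(webroot):
    """Map each FileZilla config file under webroot to its stored logins."""
    report = {}
    for folder, _dirs, files in os.walk(webroot):
        for name in files:
            if name.lower() in CONFIG_NAMES:
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:  # bytes: let the parser honour the declared encoding
                    report[path] = stored_credentials(fh.read())
    return report


if __name__ == "__main__":
    print(stored_credentials(SAMPLE))
```

Any path that `audit_webroot` returns is a file that should not be under the document root at all; a non-empty list for it means the credentials of those hosts should be rotated as well.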
