October 14th, 2002, 10:29 AM
how to patch ws_ftp.ini bug
i was scanning my college site for vunerabilities.i just found a bug named ws_ftp.ini.it has all the passwords of the site.how do help the admin to fix the bug.how do i patch it.plz help me bcoz i wanto help my college site admin.
October 14th, 2002, 10:50 AM
I found an exploit here which takes advantage of the poor encryption on the ws_ftp.ini file (very old exploit). It seems that the problem is that admins store the file in a public location which people can access easily, and malicious users can then download and decrypt the file. If this is the problem/exploit you are talking about, I think you could help out your admins by just telling them to store the file in a restricted location so that not everyone can access it.