Sha256: 6eb84220c02cba25dbb73e6fd821da7bc014afc06b18b603bc0aeb5a600833d3
Contents?: true
Size: 1.14 KB
Versions: 17
Compression:
Stored size: 1.14 KB
Contents
# frozen_string_literal: true

module CMSScanner
  module Model
    # Finding raised when a Fantastico file listing is exposed on the target.
    #
    # Fantastico is a commercial script library that automates the installation of web
    # applications to a website. Its scripts are executed from the administration area of a
    # website control panel such as cPanel.
    #
    # It creates a file named fantastico_fileslist.txt that is publicly available and contains
    # a list of all the files from the current directory. The contents of this file may expose
    # sensitive information to an attacker (see #references for the advisory).
    #
    # Remediation for site owners: delete fantastico_fileslist.txt from the web root, or deny
    # HTTP access to it, since it is not needed to serve the site.
    #
    # NOTE(review): `url` and `entries` are not defined in this class; presumably they are
    # inherited from InterestingFinding - confirm against the parent class.
    class FantasticoFileslist < InterestingFinding
      # Human-readable summary of the finding, memoized after the first call.
      #
      # @return [ String ]
      def to_s
        @to_s ||= "Fantastico list found: #{url}"
      end

      # Narrows the listing down to the entries worth a closer look when triaging.
      #
      # The filter is a case-insensitive substring heuristic, not an extension check: an
      # entry is kept when it contains "admin", ".log", ".sql" or ".db" anywhere in its
      # text, so a name such as "x.login" is kept as well. Entries that do not match are
      # still disclosed by the listing; they are just not highlighted here.
      #
      # @return [ Array<String> ] The interesting files/dirs detected
      def interesting_entries
        entries.select { |candidate| /(?:admin|\.log|\.sql|\.db)/i.match?(candidate) }
      end

      # Background reading for the finding, memoized after the first call.
      #
      # @return [ Hash ] a single :url key holding the archived advisory link
      def references
        @references ||= {
          url: [
            'https://web.archive.org/web/20140518040021/http://www.acunetix.com/vulnerabilities/fantastico-fileslist/'
          ]
        }
      end
    end
  end
end