Class: CMSScanner::Model::FantasticoFileslist
Inherits: InterestingFinding
- Object
- InterestingFinding
- CMSScanner::Model::FantasticoFileslist
Defined in: app/models/fantastico_fileslist.rb
Overview
Fantastico is a commercial script library that automates the installation of web applications to a website. Fantastico scripts are executed from the administration area of a website control panel such as cPanel. It creates a file named fantastico_fileslist.txt that is publicly available and contains a list of all the files from the current directory. The contents of this file may expose sensitive information to an attacker.
Constant Summary
Constants included from Finders::Finding
Finders::Finding::FINDING_OPTS
Instance Attribute Summary
Attributes inherited from InterestingFinding
Instance Method Summary
- #interesting_entries ⇒ Array<String>: The interesting files/dirs detected.
- #references ⇒ Object
- #to_s ⇒ String
Methods inherited from InterestingFinding
#==, #entries, #initialize, #type
Methods included from Finders::Finding
#<=>, #confidence, #confidence=, #confirmed_by, #eql?, included, #parse_finding_options
Constructor Details
This class inherits a constructor from CMSScanner::Model::InterestingFinding
Instance Method Details
#interesting_entries ⇒ Array<String>
Returns the interesting files/dirs detected.
    # File 'app/models/fantastico_fileslist.rb', line 16

    def interesting_entries
      results = []

      entries.each do |entry|
        next unless /(?:admin|\.log|\.sql|\.db)/i.match?(entry)

        results << entry
      end
      results
    end
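The selection rule above, applied to a constructed listing, as an added example that is not CMSScanner's own code. It shows that the unanchored, case-insensitive pattern flags substrings such as `.login` while leaving backup archives unflagged, which matters when triaging what a listing on your own site exposes. The helper names, the sample body and the one-path-per-line layout are assumptions.

```ruby
# Added example, not part of CMSScanner. Only the pattern is taken from the page.
INTERESTING = /(?:admin|\.log|\.sql|\.db)/i

# Constructed sample body for fantastico_fileslist.txt.
# Assumption: one path per line; blank lines may occur.
SAMPLE_BODY = <<~LIST
  index.php
  wp-admin/
  Administrator/index.php
  error.LOG
  backup/site.sql.gz
  data/users.db
  account.login.php
  wp-config.php.bak
  backup.zip

LIST

# Hypothetical helper: split a listing body into trimmed, non-empty entries.
def parse_entries(body)
  body.each_line.map(&:strip).reject(&:empty?)
end

# Same rule as #interesting_entries: an entry is flagged when the pattern
# matches anywhere in it. Unflagged entries are returned too, so the gaps in
# the pattern are visible during review.
def triage(body)
  flagged, rest = parse_entries(body).partition { |e| INTERESTING.match?(e) }
  { flagged: flagged, unflagged: rest }
end

# For each flagged entry, record which alternative of the pattern matched.
def explain(body)
  triage(body)[:flagged].to_h { |e| [e, e[INTERESTING].downcase] }
end

if __FILE__ == $PROGRAM_NAME
  explain(SAMPLE_BODY).each do |entry, why|
    puts format('%-26s matched %s', entry, why)
  end
  puts "not flagged: #{triage(SAMPLE_BODY)[:unflagged].join(', ')}"
end
```

Entries the pattern does not flag (here `wp-config.php.bak` and `backup.zip`) are still disclosed by the listing, so the file itself should be removed or blocked rather than only the flagged paths reviewed.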
#references ⇒ Object
    # File 'app/models/fantastico_fileslist.rb', line 27

    def references
      @references ||= {
        url: ['https://web.archive.org/web/20140518040021/http://www.acunetix.com/vulnerabilities/fantastico-fileslist/']
      }
    end
#to_s ⇒ String
    # File 'app/models/fantastico_fileslist.rb', line 11

    def to_s
      @to_s ||= "Fantastico list found: #{url}"
    end