You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
NOTE: SFTP protocol is not vulnerable, but can be used to identify servers
Servers as of 6/15/2023: 534
Shodan discovery method 2: Cookie discovery
Servers with header "DMZCookieTest=ifyoucanreadthisyourbrowsersupportscookies"
Based on official documentation https://community.progress.com/s/article/How-does-MOVEit-Transfer-DMZ-use-cookies-1307565969601
Servers as of 6/15/2023: 13,450
Google Dork method 1: /human.aspx
Google results from inurl:"/human.aspx?"
NOTE: This has not been completely verified, and may have additional software which uses the same .aspx file name. However, it absolutely returns a significant number of MOVEit pages.
Google results as of 6/16/2023: ~6,690 (this is likely inflated number, as non-MOVEit results are included in the search results)