Update documentation/modules/auxiliary/gather/gladinet_storage_access_ticket_forge.md

Chocapikk · jvoisin · web-flow · commit 7763be9f3e64 · 2025-12-16T18:49:44.000+01:00
Co-authored-by: Julien Voisin &lt;jvoisin@users.noreply.github.com&gt;
diff --git a/documentation/modules/auxiliary/gather/gladinet_storage_access_ticket_forge.md b/documentation/modules/auxiliary/gather/gladinet_storage_access_ticket_forge.md
@@ -8,7 +8,7 @@ The access ticket is an encrypted string that contains:
 - Filepath: The absolute path to the file on the server
 - Username: Empty (Application Pool Identity will be used)
 - Password: Empty
-- Timestamp: Creation time (set to excessive year to never expire)
+- Timestamp: Creation time (set to 100 years in the future so that it doesn't expire)
 
 Because the cryptographic keys are hardcoded and identical across all vulnerable installations, an attacker can forge
 tickets to read arbitrary files from the server's file system, including sensitive configuration files like `Web.config`
