By kannthu
The "ActiveAdmin Admin Dashboard Exposure" module is a test case designed to detect the presence of an ActiveAdmin Admin dashboard. ActiveAdmin is a Ruby on Rails plugin that provides a framework for creating administration interfaces. This module focuses on identifying instances of ActiveAdmin Admin dashboards, which may indicate a misconfiguration or potential security vulnerability.
This module has an informative severity level, meaning it provides valuable information but does not indicate an immediate security threat.
Author: pdteam
If an ActiveAdmin Admin dashboard is exposed, it may allow unauthorized access to sensitive administrative functions and data. This could potentially lead to unauthorized modifications, data leaks, or other security risks.
The "ActiveAdmin Admin Dashboard Exposure" module works by sending an HTTP GET request to the "/admin/login" path. It then applies matching conditions to the response to determine if an ActiveAdmin Admin dashboard is present.
The matching conditions for this module check the whole response (status line, headers and body) for two specific words, "active_admin_content" and "active_admin-". Because the condition is And, both words must be present for the module to report an ActiveAdmin Admin dashboard; a response containing only one of them does not match.
Example HTTP request:
GET /admin/login
Matching conditions:
- Part: All
- Type: Word
- Words: active_admin_content, active_admin-
- Negative: False
- Condition: And
When the module detects an ActiveAdmin Admin dashboard, it reports the finding as an informative vulnerability.
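The following is an added example, not Vidoc's own code or the module's source. It reproduces the matching logic the page describes (word matcher, part All, condition And, negative False) so a defender can see exactly what a positive finding requires, and runs it over constructed sample responses rather than a live host. The helper names (response_text, matches_active_admin, classify) and the sample HTML are assumptions made for the illustration.

```python
"""Word-matcher equivalent of the "ActiveAdmin Admin Dashboard Exposure" module.

Added example; not Vidoc's code. Reproduces the matching conditions from the
page: words "active_admin_content" and "active_admin-", part All (status line,
headers and body), condition And, negative False.
"""

WORDS = ("active_admin_content", "active_admin-")


def response_text(status_line: str, headers: dict, body: str) -> str:
    """Part: All -> the matcher sees status line, headers and body as one text."""
    header_block = "\r\n".join(f"{k}: {v}" for k, v in headers.items())
    return f"{status_line}\r\n{header_block}\r\n\r\n{body}"


def matched_words(text: str, words=WORDS) -> list:
    """Return the words actually found, useful as evidence in a report."""
    return [w for w in words if w in text]


def matches_active_admin(text: str, words=WORDS, condition: str = "and",
                         negative: bool = False) -> bool:
    """Word matcher: 'and' needs every word, 'or' needs any; negative inverts."""
    hits = [w in text for w in words]
    matched = all(hits) if condition == "and" else any(hits)
    return (not matched) if negative else matched


def classify(text: str) -> dict:
    """Shape of the finding the module reports on a match (severity: info)."""
    return {
        "module": "ActiveAdmin Admin Dashboard Exposure",
        "path": "/admin/login",
        "severity": "info",
        "matched": matches_active_admin(text),
        "evidence": matched_words(text),
    }


# Constructed sample responses (assumption: not captured from any real host).
ACTIVE_ADMIN_LOGIN = response_text(
    "HTTP/1.1 200 OK",
    {"Content-Type": "text/html; charset=utf-8"},
    '<html><body class="active_admin logged_out">'
    '<div id="active_admin_content">'
    '<link rel="stylesheet" href="/assets/active_admin-0123abcd.css">'
    "</div></body></html>",
)

# Only one of the two words is present: the And condition must reject this.
PARTIAL_MATCH = response_text(
    "HTTP/1.1 200 OK",
    {"Content-Type": "text/html"},
    '<div id="active_admin_content">custom admin shell</div>',
)

# An unrelated login page: neither word appears.
GENERIC_LOGIN = response_text(
    "HTTP/1.1 200 OK",
    {"Content-Type": "text/html"},
    '<form action="/admin/login"><input name="user"><input name="pass"></form>',
)


if __name__ == "__main__":
    for name, sample in (("activeadmin", ACTIVE_ADMIN_LOGIN),
                         ("partial", PARTIAL_MATCH),
                         ("generic", GENERIC_LOGIN)):
        print(name, classify(sample))
```

Running the script shows that only the first sample is reported; the partial page is rejected by the And condition even though one signature word is present, which is the behaviour to expect when tuning or triaging this check.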
Reference: https://activeadmin.info/
Metadata: max-request: 1