Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Adminer Login Panel - Detect" module is designed to detect the presence of the Adminer login panel. Adminer is a popular database management tool that allows users to interact with their databases through a web interface. This module focuses on identifying instances of the Adminer login panel, which can help in identifying potential security risks or misconfigurations.
This module has an informative severity level, meaning it provides valuable information but does not indicate a direct vulnerability or misconfiguration.
Author: random_robbie, meme-lord
The detection of the Adminer login panel does not directly imply any impact or vulnerability. However, it can indicate potential security risks, such as the exposure of sensitive database information or the possibility of unauthorized access if the panel is not properly secured.
The "Adminer Login Panel - Detect" module works by sending HTTP requests to the target system and analyzing the responses for specific patterns. It uses a combination of matching conditions to identify the presence of the Adminer login panel.
One example of an HTTP request used by this module:
GET {%path%} HTTP/1.1
Host: {%Hostname%}
Accept: application/json, text/plain, */*
Referer:
The module applies the following matching conditions:
- The response body must contain the string "- Adminer</title>" and the partial string "verifyVersion". - The HTTP response status code must be 200.If these conditions are met, the module considers the Adminer login panel to be detected.
Classification
CWE-ID: CWE-200
CVSS-Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
Reference
- https://blog.sorcery.ie/posts/adminer/
Metadata
max-request: 741