Adminer Login Panel - Detect

By kannthu

Informative
Vidoc Module
#fuzz #adminer #login
Description

What is "Adminer Login Panel - Detect"?

The "Adminer Login Panel - Detect" module detects the presence of the Adminer login panel. Adminer is a popular database management tool that allows users to interact with their databases through a web interface. Finding instances of the Adminer login panel can help in identifying potential security risks or misconfigurations.

This module has an informative severity level, meaning it provides valuable information but does not indicate a direct vulnerability or misconfiguration.

Author: random_robbie, meme-lord

Impact

The detection of the Adminer login panel does not directly imply any impact or vulnerability. However, it can indicate potential security risks, such as the exposure of sensitive database information or the possibility of unauthorized access if the panel is not properly secured.

How does the module work?

The "Adminer Login Panel - Detect" module works by sending HTTP requests to the target system and analyzing the responses for specific patterns. It uses a combination of matching conditions to identify the presence of the Adminer login panel.

One example of an HTTP request used by this module:

GET {%path%} HTTP/1.1
Host: {%Hostname%}
Accept: application/json, text/plain, */*
Referer: 

The module applies the following matching conditions:

- The response body must contain the string "- Adminer</title>" and the partial string "verifyVersion".
- The HTTP response status code must be 200.

If these conditions are met, the module considers the Adminer login panel to be detected.
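The matching logic described above can be replayed offline, as in this added example (not Vidoc's own code), which shows which condition fails when a response is not reported. The response bodies are constructed samples, and case-sensitive substring matching is an assumption.

```python
# Added example: evaluates the module's matching conditions against HTTP
# responses. Bodies below are constructed samples, not captured traffic.
from dataclasses import dataclass

# Strings and status code taken from the module's matching conditions.
REQUIRED_WORDS = ("- Adminer</title>", "verifyVersion")  # both must be in the body
REQUIRED_STATUS = 200


@dataclass
class Response:
    status: int
    body: str


def evaluate(resp: Response) -> dict:
    """Return each condition's result so a miss can be explained, not just reported."""
    # Assumption: plain case-sensitive substring matching.
    results = {f"word:{w}": (w in resp.body) for w in REQUIRED_WORDS}
    results["status"] = resp.status == REQUIRED_STATUS
    return results


def is_adminer_login(resp: Response) -> bool:
    # All conditions are ANDed: one failing check means no detection.
    return all(evaluate(resp).values())


# Constructed samples (hypothetical markup built around the matched strings).
PANEL = "<title>Login - Adminer</title><script>verifyVersion('x');</script>"
SAMPLES = {
    "login panel": Response(200, PANEL),
    "title only": Response(200, "<title>Login - Adminer</title><p>static copy</p>"),
    "blocked by proxy": Response(403, PANEL),
    "unrelated page": Response(200, "<title>Welcome</title>"),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        failed = [k for k, ok in evaluate(resp).items() if not ok]
        print(f"{name:18} detected={is_adminer_login(resp)} failed={failed}")
```

The "blocked by proxy" sample is the case worth noting when reviewing your own hosts: a panel that answers 403 is not reported by this module, so a clean result does not prove Adminer is absent.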

Classification

CWE-ID: CWE-200

CVSS-Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Reference

- https://blog.sorcery.ie/posts/adminer/

Metadata

max-request: 741

Module preview

Concurrent Requests (1)
1. HTTP Request template
   Raw request
   Matching conditions
   - word: "- Adminer</title>" and partial("verifyVersion")
   - status: 200
Passive global matcher: No matching conditions.
On match action: Report vulnerability