Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Ampache Update Page Exposure

By kannthu

Vidoc logoVidoc Module

Ampache Update Page Exposure

This module, "Ampache Update Page Exposure," is designed to detect a misconfiguration in the Ampache software. Ampache is a web-based audio/video streaming application and file manager. The severity of this module is classified as low. It targets Ampache installations that have a misconfigured update page.


If this module detects a misconfiguration in the Ampache update page, it means that the update page is exposed to potential attackers. This could allow unauthorized access to the update functionality of Ampache, potentially leading to unauthorized updates or other security vulnerabilities.

How the module works?

The module sends a GET request to the "/update.php" path of the target Ampache installation. It then applies several matching conditions to determine if the update page is misconfigured:

- The module checks if the response body contains the phrase "Ampache Update" (case-insensitive). - The module checks if the response body does not contain the phrases "No Update Needed" or "No updates needed" (case-insensitive). - The module checks if the response status code is 200.

If all of these conditions are met, the module considers the update page to be misconfigured and reports it as a vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: Ampache Updateand
NOT word: No Update Needed, No updates neededand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability