Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

AvantFAX Login Panel

By kannthu

Informative
Vidoc logoVidoc Module
#panel#avantfax#login
Description

AvantFAX Login Panel

What is the AvantFAX Login Panel?

The AvantFAX Login Panel module is designed to detect the presence of an AvantFAX login panel. AvantFAX is a web-based application that allows users to send and receive faxes through a web interface. This module helps identify instances where the AvantFAX login panel is exposed, which could potentially lead to unauthorized access to the fax system.

This module has an informative severity level, meaning it provides valuable information but does not indicate a direct vulnerability or misconfiguration.

Author: pikpikcu, daffainfo

Impact

The AvantFAX Login Panel module does not directly impact the security of the system. However, if the login panel is exposed without proper authentication measures, it could potentially allow unauthorized individuals to access the fax system and view sensitive information.

How does the module work?

The AvantFAX Login Panel module works by sending HTTP requests to the target system and analyzing the responses. It uses specific matching conditions to identify the presence of the AvantFAX login panel.

One of the matching conditions is a check for the presence of the "" tag in the body of the response. This indicates that the login panel is present on the page.

Additionally, the module checks for a response status code of 200, which confirms that the login panel page is accessible.

While the module does not provide specific examples of HTTP requests, it follows a similar pattern to send requests and analyze the responses.

Classification

CWE-ID: CWE-668

CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Reference

- http://www.avantfax.com/

Metadata

max-request: 1

shodan-query: http.title:"AvantFAX - Login"

Module preview

Concurrent Requests (0)
Passive global matcher
word: <title>- AvantFAX - Login</title>and
status: 200
On match action
Report vulnerability