Binom Installer Exposure

By kannthu

High
Vidoc Module
#misconfig #binom #install #exposure
Description

What is the "Binom Installer Exposure"?

The "Binom Installer Exposure" module is designed to detect a specific misconfiguration in the Binom software installation. Binom is a tracking software used in affiliate marketing to monitor and analyze campaign performance. This module focuses on identifying instances where the Binom installation is exposed and accessible without proper security measures in place.

This module has a high severity level, indicating that the misconfiguration it detects can potentially lead to unauthorized access and compromise of sensitive data.

Author: tess

Impact

If the Binom Installer Exposure module detects a misconfiguration, it means that the Binom installation is accessible to anyone without proper authentication or security measures. This can result in unauthorized access to the tracking software, potentially leading to data breaches, manipulation of campaign data, and other security risks.

How does the module work?

The Binom Installer Exposure module works by sending HTTP requests to the target system and analyzing the responses. It checks for specific conditions that indicate the presence of the Binom installation and potential misconfigurations.

One example of an HTTP request sent by this module is:

GET /?page=step_1

The module then applies matching conditions to the response to determine if the Binom installation is exposed. The matching conditions include:

- The presence of the "<title>Install Binom</title>" and "System check" keywords in the response body.
- A response status code of 200.

If all the matching conditions are met, the module identifies the misconfiguration and reports it as a vulnerability.

Note: The module definition and JSON details are not shown here for simplicity.
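
The matching logic described above, written as a check a team can run against Binom hosts it administers. This is an added example, not Vidoc's module definition; the function names, the timeout, the read cap, case-sensitive matching and the choice not to follow redirects are assumptions.

```python
import urllib.error
import urllib.request

# Request path and keywords are the ones listed on this page.
PROBE_PATH = "/?page=step_1"
REQUIRED_WORDS = ("<title>Install Binom</title>", "System check")


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Assumption: a redirect (e.g. to a login page) is not a 200 on the installer."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError carrying the 3xx code


def matches_installer(status: int, body: str) -> bool:
    """All conditions must hold: status 200 and both keywords in the body."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


def check_host(base_url: str, timeout: float = 5.0) -> dict:
    """Probe one host you administer; report whether the installer page is served."""
    url = base_url.rstrip("/") + PROBE_PATH
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            status = resp.status
            # Read cap (assumption) so an unexpected large response cannot stall the audit.
            body = resp.read(1_000_000).decode("utf-8", errors="replace")
    except urllib.error.HTTPError as exc:  # 3xx/4xx/5xx: the status condition fails
        return {"url": url, "status": exc.code, "exposed": False}
    except (urllib.error.URLError, OSError) as exc:  # refused, timeout, TLS failure
        return {"url": url, "status": None, "exposed": False, "error": str(exc)}
    return {"url": url, "status": status, "exposed": matches_installer(status, body)}
```

A result with "exposed" set to True means the installer is still reachable on that host and should be removed or placed behind access control.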

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET//?page=step_1
Matching conditions
word: <title>Install Binom</title>, System che...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability