
Blesta Installer Exposure

By kannthu

Severity: High
Vidoc Module
#misconfig #blesta #install #exposure
Description

What is "Blesta Installer Exposure"?

The "Blesta Installer Exposure" module is designed to detect a misconfiguration vulnerability in the Blesta installer. Blesta is a web-based billing platform used by businesses to manage their client billing and support needs. This module focuses on identifying potential security risks related to the installation process.

This module has a high severity level, indicating that if the vulnerability is present, it could pose a significant risk to the security of the Blesta installation.

This module was authored by DhiyaneshDk.

Impact

If the "Blesta Installer Exposure" vulnerability is present, it could allow unauthorized individuals to gain access to the installation process. This could potentially lead to unauthorized modifications, data breaches, or other security incidents.

How does the module work?

The "Blesta Installer Exposure" module works by sending an HTTP GET request to the "/index.php/install" path of the target website. It then applies a series of matching conditions to determine if the vulnerability is present.

Some of the matching conditions include:

- Checking if the response body contains the phrases "Blesta Installer" and "Install via Web Browser".
- Verifying that the response header includes the content type "text/html".
- Ensuring that the HTTP response status code is 200 (OK).

If all the matching conditions are met, the module will report the vulnerability.
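The matching logic described above, written out as an added example (this is not Vidoc's module definition or code from the module's author). The function names, the check labels and the sample responses are assumptions made for illustration; `check_own_host` is meant for a Blesta host you administer.

```python
"""Added example: the three matchers described above, applied with AND semantics."""
from urllib.error import HTTPError
from urllib.request import Request, urlopen

INSTALL_PATH = "/index.php/install"
BODY_WORDS = ("Blesta Installer", "Install via Web Browser")


def installer_exposed(status, headers, body):
    """Return (exposed, failed_checks) for one HTTP response."""
    # Header names are case-insensitive; the value may carry "; charset=...".
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    checks = {
        "status_200": status == 200,
        "html_content_type": "text/html" in ctype.lower(),
        # Assumption: both phrases are required and matched case-sensitively.
        "body_words": all(word in body for word in BODY_WORDS),
    }
    return all(checks.values()), [name for name, ok in checks.items() if not ok]


def check_own_host(base_url, timeout=10):
    """Fetch the installer path from a Blesta host you administer and evaluate it."""
    req = Request(base_url.rstrip("/") + INSTALL_PATH, method="GET")
    try:
        with urlopen(req, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", "replace")
            return installer_exposed(resp.status, dict(resp.headers.items()), body)
    except HTTPError as err:  # 4xx/5xx: the status matcher fails, as it should
        return installer_exposed(err.code, dict(err.headers.items()), "")


# Constructed responses (status, headers, body), not captured from a real host.
SAMPLES = {
    "installer_reachable": (200, {"Content-Type": "text/html; charset=UTF-8"},
        "<title>Blesta Installer</title><a>Install via Web Browser</a>"),
    "already_installed": (200, {"content-type": "text/html"},
        "<title>Client Login</title>"),
    "blocked_by_server": (403, {"Content-Type": "text/html"},
        "<h1>Forbidden</h1>"),
    "one_phrase_only": (200, {"Content-Type": "text/html"},
        "<p>Blesta Installer has been removed</p>"),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, installer_exposed(*resp))
```

The list of failed checks shows which condition kept a response from matching, which helps confirm that a fix (removing the installer or blocking the path) is what changed the result.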

It's important to note that the module's JSON definition, which contains the specific matching conditions, is not shown here for simplicity.

Example HTTP request:

GET /index.php/install

The "Blesta Installer Exposure" module provides valuable insights into potential misconfigurations in the Blesta installer, allowing administrators to take appropriate actions to secure their installations.

Module preview

Concurrent Requests (1)

1. HTTP Request template

GET /index.php/install

Matching conditions

- word: Blesta Installer, Install via Web Browse... and
- word: text/html and
- status: 200

Passive global matcher

No matching conditions.

On match action

Report vulnerability