
Codeigniter Application Installer Exposure

By kannthu

Informative
Vidoc Module
#misconfig #codeigniter #install #exposure
Description

What is the "Codeigniter Application Installer Exposure"?

The "Codeigniter Application Installer Exposure" module is designed to detect a misconfiguration vulnerability in CodeIgniter applications. CodeIgniter is a popular PHP framework used for developing web applications. This module focuses on identifying instances where the CodeIgniter application installer is exposed, which can potentially lead to unauthorized access or other security risks. The severity of this vulnerability is classified as informative.

Impact

If the Codeigniter Application Installer is exposed, it can allow attackers to gain unauthorized access to the application or its sensitive information. This can lead to potential data breaches, unauthorized modifications, or other malicious activities.

How does the module work?

The module works by sending a GET request to the "/install/" path of the target CodeIgniter application. It then applies matching conditions to determine if the Codeigniter Application Installer is present and if the response status is 200 (OK). If both conditions are met, the module flags the vulnerability.

Example HTTP request:

GET /install/ HTTP/1.1
Host: example.com

The matching conditions for this module are:

- The response body must contain the phrase "Codeigniter Application Installer".
- The response status must be 200 (OK).

If these conditions are met, the module reports the vulnerability, indicating the potential misconfiguration in the CodeIgniter application.
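The two matching conditions can be exercised offline against sample responses. The following is an added example, not Vidoc's own code: it parses raw HTTP responses to `GET /install/` and applies the AND of both conditions. The sample responses are constructed, the helper names are hypothetical, and the word match is assumed to be a case-sensitive substring test.

```python
import http.client
import io

PHRASE = "Codeigniter Application Installer"  # word matcher shown on the page


class _MemorySocket:
    """Minimal socket stand-in so http.client can parse bytes held in memory."""

    def __init__(self, raw: bytes):
        self._raw = raw

    def makefile(self, *_args, **_kwargs):
        return io.BytesIO(self._raw)


def parse_response(raw: bytes) -> tuple[int, str]:
    """Parse a raw HTTP response into (status, body text)."""
    resp = http.client.HTTPResponse(_MemorySocket(raw))
    resp.begin()
    return resp.status, resp.read().decode("utf-8", errors="replace")


def installer_exposed(status: int, body: str) -> bool:
    """Both conditions must hold (AND): status 200 and the phrase in the body.
    Assumption: the word match is a case-sensitive substring test."""
    return status == 200 and PHRASE in body


def _raw(status_line: str, body: str, extra: str = "") -> bytes:
    """Build a constructed response with a correct Content-Length."""
    data = body.encode()
    head = f"HTTP/1.1 {status_line}\r\n{extra}Content-Length: {len(data)}\r\n\r\n"
    return head.encode() + data


# Constructed sample responses to GET /install/ (not captured from a real host).
SAMPLES = {
    "installer_live": _raw("200 OK", "<title>Codeigniter Application Installer</title>"),
    "ordinary_page": _raw("200 OK", "<h1>Welcome</h1>"),
    "phrase_on_404": _raw("404 Not Found", "Codeigniter Application Installer removed"),
    "redirect": _raw("302 Found", "", "Location: /login\r\n"),
}


def evaluate_samples() -> dict[str, bool]:
    return {name: installer_exposed(*parse_response(raw)) for name, raw in SAMPLES.items()}
```

Only the first sample is reported: a 200 page without the phrase, a 404 that happens to contain the phrase, and a redirect each fail one of the two conditions.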

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /install/
Matching conditions
word: Codeigniter Application Installer
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability