CrushFTP WebInterface Login Panel - Detect

What is the "CrushFTP WebInterface Login Panel - Detect" module?

The "CrushFTP WebInterface Login Panel - Detect" module is a test case designed to detect the presence of the CrushFTP WebInterface login panel. It targets the CrushFTP WebInterface software and aims to identify any misconfigurations or vulnerabilities associated with the login panel. The severity of this module is classified as informative, meaning it provides valuable information but does not pose an immediate threat.

This module was authored by dhiyaneshDK.

Impact

The impact of this module is primarily informational. It helps users identify the presence of the CrushFTP WebInterface login panel, which can be useful for assessing the security posture of the system.

How does the module work?

The module works by sending an HTTP GET request to the "/WebInterface/login.html" path of the target system. It then applies two matching conditions to determine if the CrushFTP WebInterface login panel is present:

- The response body must contain the HTML title tag "<title>CrushFTP WebInterface</title>". - The response status code must be 200 (OK).

If both conditions are met, the module reports a successful detection of the CrushFTP WebInterface login panel.

For example, the module sends the following HTTP request:

GET /WebInterface/login.html

The module then checks the response for the presence of the HTML title tag and verifies the response status code.