Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Detect Microsoft SQL Server Reporting

By kannthu

Informative
Vidoc logoVidoc Module
#tech#microsoft
Description

Detect Microsoft SQL Server Reporting

What is "Detect Microsoft SQL Server Reporting?"

The "Detect Microsoft SQL Server Reporting" module is designed to identify the presence of Microsoft SQL Server Reporting Services (SSRS) on a target system. SSRS is a server-based reporting platform that allows users to create, manage, and deliver reports to various stakeholders within an organization.

This module focuses on detecting the presence of the Report Manager web interface, which is a key component of SSRS. By identifying the presence of Report Manager, this module helps in assessing the configuration and potential vulnerabilities associated with the SSRS installation.

This module has an informative severity level, which means it provides valuable information but does not indicate a critical vulnerability or misconfiguration.

Author: puzzlepeaches

Impact

The impact of this module is informative in nature. It helps users gain insights into the presence of Microsoft SQL Server Reporting Services on a target system. By identifying the Report Manager web interface, users can assess the configuration and potential vulnerabilities associated with SSRS.

How does the module work?

The "Detect Microsoft SQL Server Reporting" module works by sending an HTTP GET request to the "/Reports/Pages/Folder.aspx" path on the target system. It then applies a matching condition to check if the response contains the phrase "Report Manager". If the condition is met, the module considers the presence of Microsoft SQL Server Reporting Services as detected.

Matching conditions:

- Part: All
  Type: Word
  Words: ["Report Manager"]
  Negative: False
  Condition: And

The module uses this matching condition to ensure that the response contains the exact phrase "Report Manager" and considers it a positive detection.

By utilizing this module, users can quickly identify the presence of Microsoft SQL Server Reporting Services and further investigate its configuration and potential vulnerabilities.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/Reports/Pages/Folde...
Matching conditions
word: Report Manager
Passive global matcher
No matching conditions.
On match action
Report vulnerability