By kannthu
The "Dolibarr Installer" module is designed to detect vulnerabilities related to the Dolibarr software installation process. Dolibarr is an open-source ERP and CRM software that helps businesses manage their operations, including sales, inventory, and accounting. This module focuses on identifying potential misconfigurations or exposures during the installation process, which can pose a high level of risk to the system's security.
Severity: High
Author: pussycat0x
If the "Dolibarr Installer" module detects any vulnerabilities, it indicates that the Dolibarr installation process may have been misconfigured or exposed. This can lead to unauthorized access, data breaches, or other security incidents. It is crucial to address any identified vulnerabilities promptly to ensure the security and integrity of the Dolibarr system.
The "Dolibarr Installer" module operates by sending HTTP requests to specific endpoints related to the Dolibarr installation process. It then applies matching conditions to determine if the installation page contains certain keywords and if the response headers indicate the expected content type. The module expects a successful HTTP response with a status code of 200 and specific content in the response body to confirm the presence of the Dolibarr installation page.
Example HTTP request:
GET /install/index.php
Matching conditions:
- The response body must contain the words "Dolibarr install or upgrade" and "browser language".
- The response headers must include the content type "text/html".
- The HTTP response status code must be 200.

If all the matching conditions are met, the module reports a vulnerability related to the Dolibarr installation process.
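The three matching conditions above, evaluated offline against a captured response so each condition can be inspected separately when triaging a finding. This is an added example, not the module's own code: the function names, the raw-response parser and the sample responses are constructed for illustration, and reading the content type from the `Content-Type` header specifically is an assumption about how the header condition is applied.

```python
# Added example: offline evaluation of the module's matching conditions.
REQUIRED_WORDS = ("Dolibarr install or upgrade", "browser language")  # from the page

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    status = int(lines[0].split()[1])  # "HTTP/1.1 200 OK" -> 200
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()  # header names are case-insensitive
    return status, headers, body

def evaluate(raw):
    """Return each condition's result plus the overall verdict (logical AND)."""
    status, headers, body = parse_response(raw)
    checks = {
        "status_200": status == 200,
        # Assumption: the header condition is checked against Content-Type,
        # which may carry parameters such as "; charset=UTF-8".
        "content_type_html": "text/html" in headers.get("content-type", "").lower(),
        # Both words must be present, not just one of them.
        "body_words": all(word in body for word in REQUIRED_WORDS),
    }
    checks["matched"] = all(checks.values())
    return checks

# Constructed sample responses (not captured from a real host).
EXPOSED = ("HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=UTF-8\r\n\r\n"
           "<title>Dolibarr install or upgrade</title>"
           "<p>Default language (browser language detected)</p>")
LOGIN_PAGE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
              "<title>Login</title>")
FORBIDDEN = ("HTTP/1.1 403 Forbidden\r\ncontent-type: text/html\r\n\r\n"
             "<h1>Forbidden</h1>")

if __name__ == "__main__":
    for label, raw in (("exposed", EXPOSED), ("login", LOGIN_PAGE), ("forbidden", FORBIDDEN)):
        print(label, evaluate(raw))
```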
Metadata:
- Verified: true
- Shodan query: title:"Dolibarr install or upgrade"