By kannthu
The "Drupal User Enumeration [Redirect]" module is a test case designed to detect misconfigurations in Drupal websites. It targets Drupal and checks whether the site exposes behavior that allows user enumeration. The module has an informational severity level and was authored by 0w4ys.
This module helps identify if the Drupal website is vulnerable to user enumeration. User enumeration can provide attackers with valuable information about the website's user accounts, making it easier for them to launch targeted attacks such as brute force or phishing attempts.
The "Drupal User Enumeration [Redirect]" module works by sending HTTP requests to specific paths on the target Drupal website. It then applies matching conditions to determine if user enumeration is possible. The module checks for the presence of a specific header and a status code of 301 in the server response.
For example, the module may send a GET request to paths like "/user/0", "/user/1", "/user/2", and "/user/3". It expects the server response to include a "Location" header with a URL pattern indicating a user profile page. Additionally, the response should have a status code of 301, indicating a redirect.
If both matching conditions are met, the module reports a potential vulnerability, indicating that user enumeration may be possible on the target Drupal website.
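A detection-side view of the probe pattern described above, as an added example that is not part of the original page or the Vidoc module: it scans web access logs for a client requesting several distinct "/user/&lt;id&gt;" paths and records which of them were answered with a 301. The sample log lines, the combined log format, the `min_ids` threshold and the function name are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed access-log lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /user/0 HTTP/1.1" 404 512 "-" "scanner"
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /user/1 HTTP/1.1" 301 0 "-" "scanner"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /user/2 HTTP/1.1" 301 0 "-" "scanner"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /user/3 HTTP/1.1" 301 0 "-" "scanner"
198.51.100.4 - - [12/Mar/2024:10:05:40 +0000] "GET /user/2 HTTP/1.1" 301 0 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:05:41 +0000] "GET /users/alice HTTP/1.1" 200 8144 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Mar/2024:10:07:00 +0000] "GET /user/login HTTP/1.1" 200 4310 "-" "Mozilla/5.0"
"""

# client, timestamp, request line and status of a combined-format entry
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# only numeric ids count; /user/login or /users/alice are ordinary traffic
USER_ID_RE = re.compile(r'^/user/(\d+)/?(?:\?.*)?$')


def find_enumeration(log_text, min_ids=3):
    """Return {client_ip: {"probed": [...], "redirected": [...]}} for clients
    that requested at least min_ids distinct /user/<id> paths.
    "redirected" lists the ids whose response was a 301."""
    probed = defaultdict(set)
    redirected = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        uid = USER_ID_RE.match(m["path"])
        if not uid:
            continue
        probed[m["ip"]].add(int(uid.group(1)))
        if m["status"] == "301":
            redirected[m["ip"]].add(int(uid.group(1)))
    return {
        ip: {"probed": sorted(ids), "redirected": sorted(redirected[ip])}
        for ip, ids in probed.items()
        if len(ids) >= min_ids
    }


if __name__ == "__main__":
    for ip, hit in find_enumeration(SAMPLE_LOG).items():
        print(ip, hit)
```

A single visitor following one redirect stays below the threshold; the ids in "redirected" are the ones whose responses should be reviewed on the site.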
It's important to note that this module is just one test case among many that can be performed using the Vidoc platform.