Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Exolis Engage Panel - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#panel#exolis#engage
Description

What is the "Exolis Engage Panel - Detect" module?

The "Exolis Engage Panel - Detect" module is designed to detect the presence of the Exolis Engage panel. This module is used in the Vidoc platform to perform scanning and identify potential misconfigurations, vulnerabilities, or software fingerprints.

The Exolis Engage panel is a software solution provided by Exolis. It is targeted by this module to ensure its proper configuration and security.

This module has an informative severity level, meaning it provides valuable information but does not pose an immediate threat.

Author: righettod

Impact

The impact of the Exolis Engage panel detection module is primarily informational. It helps users identify the presence of the Exolis Engage panel and assess its configuration and potential vulnerabilities.

How does the module work?

The Exolis Engage Panel - Detect module works by sending HTTP requests and applying matching conditions to identify the presence of the Exolis Engage panel. It uses the following matching conditions:

- Match condition 1: The module checks the response body for specific words related to the Engage panel's configuration and user types. - Match condition 2: The module verifies that the HTTP response status is 200 (OK).

By combining these matching conditions, the module determines whether the Exolis Engage panel is present and properly configured.

Example HTTP request:

GET /app.js

Matching conditions:

- Match the response body for the words: "engage-specific-config", "engage-lastAppUserType", "engage-lastHelperPatientContext", "engage-preferred-language", "engageManager.admin", "engageManager.user" (condition: OR)
- Match the response status code: 200 (condition: AND)

When these conditions are met, the module reports the detection of the Exolis Engage panel.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/app.js
Matching conditions
word: engage-specific-config, engage-lastAppUs...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability