Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

FortiADC Login Panel - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#panel#fortinet
Description

FortiADC Login Panel - Detect

What is the "FortiADC Login Panel - Detect?"

The "FortiADC Login Panel - Detect" module is designed to detect the presence of the FortiADC login panel. FortiADC is an application delivery controller developed by Fortinet. This module focuses on identifying the login panel and does not perform any further actions. The severity of this module is classified as informative.

Author: DhiyaneshDk

Impact

This module does not have any direct impact as it only detects the presence of the FortiADC login panel. However, the presence of the login panel may indicate potential security risks if misconfigured or vulnerable.

How does the module work?

The module works by sending an HTTP GET request to the "/ui/#navigate/Login" path. It then applies several matching conditions to determine if the response indicates the presence of the FortiADC login panel:

- The response body must contain the HTML title tag "<title>FortiADC</title>". - The response header must include the content type "text/html". - The response status code must be 200 (OK).

If all of these conditions are met, the module reports that the FortiADC login panel has been detected.

Classification

CWE-ID: CWE-200

CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Reference

- https://www.fortinet.com/products/application-delivery-controller/fortiadc

Metadata

max-request: 1

verified: true

shoda

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/ui/#navigate/Login
Matching conditions
word: <title>FortiADC</title>and
word: text/htmland
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability