Froxlor Database Backup File Disclosure

By kannthu

Medium
Vidoc Module
#froxlor #backup #exposure #disclosure
Description

What is the "Froxlor Database Backup File Disclosure" module?

The "Froxlor Database Backup File Disclosure" module is designed to detect a specific vulnerability in the Froxlor server management panel. This vulnerability allows unauthorized access to sensitive database backup files, potentially exposing sensitive information. The severity of this vulnerability is classified as medium.

This module was authored by tess.

Impact

If exploited, the "Froxlor Database Backup File Disclosure" vulnerability can lead to the exposure of sensitive database backup files. This can result in the unauthorized access and potential leakage of sensitive information, including user credentials, personal data, and other confidential data stored in the database.

How does the module work?

The "Froxlor Database Backup File Disclosure" module works by sending HTTP requests to the target server and analyzing the responses based on specific matching conditions. The module checks for the presence of certain keywords in the response body, such as "DROP TABLE IF EXISTS," "CREATE TABLE," and "PRIMARY KEY." It also checks for specific header values, including "application/sql," "application/x-sql," "application/octet-stream," and "text/plain." Additionally, the module verifies that the response status code is 200.

By combining these matching conditions, the module can identify instances where the target server exposes database backup files, indicating the presence of the vulnerability.

Here is an example of an HTTP request sent by the module:

GET /install/froxlor.sql

The module then evaluates the response based on the defined matching conditions to determine if the vulnerability is present.
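The matching conditions above can be replayed offline against stored responses, for example when triaging scanner findings. The following is an added example, not the Vidoc module's own code; the function name, the sample responses, and the way the conditions combine (all body keywords required, any one header value sufficient, all header lines searched) are assumptions.

```python
# Added example: offline re-implementation of the matching conditions above.
BODY_WORDS = ("DROP TABLE IF EXISTS", "CREATE TABLE", "PRIMARY KEY")
HEADER_WORDS = ("application/sql", "application/x-sql",
                "application/octet-stream", "text/plain")


def looks_like_exposed_backup(status, headers, body):
    """Return (matched, reasons) for one HTTP response.

    Assumptions (not stated on the page): every body keyword must be
    present, any one header value is enough, and header values are
    compared case-insensitively across all response headers.
    """
    reasons = []
    if status != 200:
        reasons.append(f"status {status} is not 200")
    missing = [w for w in BODY_WORDS if w not in body]
    if missing:
        reasons.append("body lacks: " + ", ".join(missing))
    header_text = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    if not any(w in header_text for w in HEADER_WORDS):
        reasons.append("no SQL/plain/octet-stream header value")
    return (not reasons, reasons)


# Constructed sample responses (not captured from a real server).
SQL_DUMP = (
    "DROP TABLE IF EXISTS `example_table`;\n"
    "CREATE TABLE `example_table` (\n"
    "  `id` int(11) NOT NULL auto_increment,\n"
    "  PRIMARY KEY (`id`)\n"
    ");\n"
)
SAMPLES = {
    "exposed dump": (200, {"Content-Type": "text/plain"}, SQL_DUMP),
    "soft 404 page": (200, {"Content-Type": "text/html"}, "<h1>Not found</h1>"),
    "blocked": (403, {"Content-Type": "text/html"}, "Forbidden"),
    # HTML page that merely quotes SQL: body words match, header does not.
    "page quoting SQL": (200, {"Content-Type": "text/html; charset=utf-8"},
                         "<pre>" + SQL_DUMP + "</pre>"),
}

if __name__ == "__main__":
    for name, (status, headers, body) in SAMPLES.items():
        matched, reasons = looks_like_exposed_backup(status, headers, body)
        print(f"{name}: {'MATCH' if matched else 'no match'} {reasons}")
```

The "page quoting SQL" sample shows why the header condition matters: the body keywords alone would flag any HTML page that displays SQL text.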

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /install/froxlor.sql
Matching conditions
word: DROP TABLE IF EXISTS, CREATE TABLE, PRIM... and
word: application/sql, application/x-sql, appl... and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability