Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

GeniusOcean Installer Exposure

By kannthu

High
Vidoc logoVidoc Module
#misconfig#geniusocean#install#exposure
Description

What is the "GeniusOcean Installer Exposure?"

The "GeniusOcean Installer Exposure" module is designed to detect a specific misconfiguration in the GeniusOcean Script Installer. GeniusOcean Installer is a software used for installing scripts on websites. This module focuses on identifying vulnerabilities related to the installation process.

This module has a severity level of high, indicating that the detected misconfiguration can potentially lead to significant security risks.

Impact

If the GeniusOcean Installer is misconfigured, it can expose sensitive information and provide unauthorized access to the installation process. This can lead to potential security breaches, data leaks, and unauthorized modifications to the website.

How the module works?

The module works by sending an HTTP GET request to the "/install/?step=1" path of the target website. It then applies a set of matching conditions to determine if the GeniusOcean Installer is present and properly configured.

The matching conditions include:

- Checking if the response body contains the words "GeniusOcean - Script Installer" and "GeniusOcean Installer". - Verifying if the response header contains the word "text/html". - Ensuring that the HTTP response status is 200 (OK).

If all the matching conditions are met, the module reports a vulnerability, indicating that the GeniusOcean Installer is exposed and potentially misconfigured.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/install/?step=1
Matching conditions
word: GeniusOcean - Script Installer, GeniusOc...and
word: text/htmland
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability