By kannthu
The "GLPI Status Domain Disclosure" module is designed to detect a potential information exposure vulnerability in the GLPI software. GLPI is an open-source IT asset management software commonly used to manage and track IT resources in organizations. This module focuses on identifying misconfigurations or vulnerabilities related to the status domain in GLPI.
The severity of this module is classified as informative, which means it provides valuable information about potential security risks but does not directly exploit or compromise the system.
If a vulnerability or misconfiguration is detected using this module, it could potentially expose sensitive information related to the GLPI software. This could include details about the system's status, configuration, or other sensitive data that should not be publicly accessible. The impact of such exposure depends on the specific information disclosed and the context in which it is used.
The "GLPI Status Domain Disclosure" module works by sending HTTP requests to specific paths related to the status domain in GLPI. It checks for the presence of certain keywords, such as "GLPI_" and "LDAP server," in the response content. Additionally, it verifies that the HTTP response status code is 200, indicating a successful request.
For example, one of the HTTP request paths used by this module is "/status.php". The module sends a GET request to this path and expects a response with a status code of 200. It then analyzes the response content for the presence of the specified keywords.
The matching conditions for this module are:
- The response content must contain both "GLPI_" and "LDAP server" keywords.
- The HTTP response status code must be 200.

If both conditions are met, the module considers the vulnerability or misconfiguration as detected.
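The matching conditions above, written as a pure function you can run over saved responses from your own GLPI host when triaging a finding. This is an added example, not Vidoc's module code; the function and field names are hypothetical, case-sensitive keyword matching is an assumption, and the sample bodies are constructed rather than captured from GLPI.

```python
from dataclasses import dataclass, field

REQUIRED_KEYWORDS = ("GLPI_", "LDAP server")  # keywords named on this page
REQUIRED_STATUS = 200                          # status code named on this page


@dataclass
class MatchResult:
    detected: bool
    missing: list = field(default_factory=list)   # conditions that failed
    evidence: list = field(default_factory=list)  # body lines that hit a keyword


def evaluate(status_code: int, body: str) -> MatchResult:
    """AND semantics: status must be 200 and every keyword must be present.

    Assumption: keywords are matched case-sensitively as plain substrings.
    """
    missing = []
    if status_code != REQUIRED_STATUS:
        missing.append(f"status {status_code} != {REQUIRED_STATUS}")
    for kw in REQUIRED_KEYWORDS:
        if kw not in body:
            missing.append(f"keyword {kw!r} absent")
    # Keep the matching lines so a reviewer can see what is actually disclosed.
    evidence = [ln.strip() for ln in body.splitlines()
                if any(kw in ln for kw in REQUIRED_KEYWORDS)]
    return MatchResult(detected=not missing, missing=missing, evidence=evidence)


# Constructed sample responses (status code, body) for /status.php.
SAMPLES = {
    "exposed": (200, "GLPI_DB_OK\nCheck LDAP server: example-ldap\nGLPI_OK\n"),
    "blocked": (403, "GLPI_DB_OK\nCheck LDAP server: example-ldap\nGLPI_OK\n"),
    "no_ldap_line": (200, "GLPI_DB_OK\nGLPI_OK\n"),
    "unrelated_page": (200, "<html><body>Welcome</body></html>"),
}


def run_samples():
    return {name: evaluate(code, body) for name, (code, body) in SAMPLES.items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(name, result.detected, result.missing or result.evidence)
```

The `missing` list shows which condition kept a response from matching, which helps confirm that an access restriction on `/status.php` is what cleared the finding.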
Note: This module is an informative tool and does not perform any actions beyond detecting potential vulnerabilities or misconfigurations. It is recommended to address any identified issues to ensure the security and integrity of the GLPI software.