H2 Console Web Login Panel - Detect

By kannthu

Informative
Vidoc Module
#panel #h2 #console
Description

What is the "H2 Console Web Login Panel - Detect" module?

The "H2 Console Web Login Panel - Detect" module is designed to detect the presence of the H2 Console web login panel. The H2 Console is a web-based database management tool that allows users to interact with H2 databases. This module specifically targets the login panel of the H2 Console.

The severity of this module is classified as informative, meaning it provides information about the presence of the H2 Console web login panel but does not indicate any specific vulnerability or misconfiguration.

This module was authored by righettod.

Impact

An exposed H2 Console web login panel may indicate a security risk. If the login panel is accessible to unauthorized users, it could lead to unauthorized access to the H2 database and its contents.

How does the module work?

The module works by sending a GET request to the "/h2-console/login.jsp" path of the target website. It then applies matching conditions to determine if the H2 Console web login panel is present.

The matching conditions for this module are as follows:

- The response status code must be 200.
- The response body must contain the case-insensitive string "<title>h2 console</title>".

If both matching conditions are met, the module considers the H2 Console web login panel to be detected.

For example, the module would send a request like this:

GET /h2-console/login.jsp

It then checks if the response status code is 200 and if the response body contains the string "<title>h2 console</title>". If both conditions are true, the module reports the detection of the H2 Console web login panel.
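The two matching conditions above, applied offline to captured HTTP responses, as an added example (this is not Vidoc's module code). The function names and the sample responses are constructed for illustration; the last sample shows that the title check is a literal substring match, so a padded title is not detected.

```python
from dataclasses import dataclass

TITLE_MARKER = "<title>h2 console</title>"  # lower-case marker quoted on the page


@dataclass
class Response:
    status_code: int
    body: str


def parse_raw_response(raw: str) -> Response:
    """Split a captured HTTP/1.x response into its status code and body."""
    head, _, body = raw.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP status line")
    return Response(int(parts[1]), body)


def h2_console_detected(resp: Response) -> bool:
    """True only if status is 200 AND the lower-cased body contains the marker."""
    return resp.status_code == 200 and TITLE_MARKER in resp.body.lower()


# Constructed sample responses (hypothetical, not captured from any real host).
SAMPLES = {
    # Mixed-case title still matches because the body is lower-cased first.
    "login_panel": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                   "<html><head><TITLE>H2 Console</TITLE></head></html>",
    # An application that answers 200 for every path is not a match.
    "spa_catch_all": "HTTP/1.1 200 OK\r\n\r\n<html><head><title>My App</title></head></html>",
    # Right title, wrong status: the status condition fails.
    "blocked_by_proxy": "HTTP/1.1 403 Forbidden\r\n\r\n<title>H2 Console</title>",
    "redirect": "HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n",
    # Whitespace inside the tag defeats the literal substring check.
    "padded_title": "HTTP/1.1 200 OK\r\n\r\n<title> H2 Console </title>",
}


def classify(samples: dict) -> dict:
    """Apply the matcher to every raw response and return name -> bool."""
    return {name: h2_console_detected(parse_raw_response(raw)) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, hit in classify(SAMPLES).items():
        print(f"{name:18} {'DETECTED' if hit else 'no match'}")
```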

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /h2-console/login.js...
Matching conditions
dsl: status_code==200, contains(toLower(body)...
Passive global matcher
No matching conditions.
On match action
Report vulnerability