Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

IBM Websphere Friendly Path Exposure

By kannthu

Vidoc logoVidoc Module

IBM Websphere Friendly Path Exposure

What is the "IBM Websphere Friendly Path Exposure?"

The "IBM Websphere Friendly Path Exposure" module is designed to detect a misconfiguration vulnerability in IBM WebSphere Portal. This vulnerability exposes friendly paths that can be used to access the signup page and create new user accounts. The severity of this vulnerability is classified as medium.

This module was authored by clarkvoss.


If exploited, this vulnerability could allow unauthorized users to access the signup page and create new user accounts. This could potentially lead to unauthorized access to sensitive information or unauthorized actions within the system.

How the module works?

The module works by sending HTTP requests to the target system and matching the responses against specific conditions. The matching conditions for this module include:

- Checking if the response body contains the words "Friendly path" and "IBM WebSphere Portal". - Checking if the response header contains the word "text/html". - Checking if the response status code is 200 (OK).

If all of these conditions are met, the module considers the vulnerability to be present.

Here is an example of an HTTP request that the module may send:

GET /wps/portal/client/welcome/!ut/p/z1/04_Sj9CPykssy0xPLMnMz0vMAfIjo8ziHd3DQgMNnM3N_M1DjA08PX0NgoNcnQwt3Ez1wwkpiAJKG-AAjgb6BbmhigBypoQ7/dz/d5/L2dBISEvZ0FBIS9nQSEh/?uri=nm:oid:Z6_00000000000000A0BR2B300GG2 HTTP/1.1

It is important to note that this module is specifically designed to detect the misconfiguration vulnerability related to friendly path exposure in IBM WebSphere Portal.

For more information, you can refer to the following reference:


- Max Request: 5 - Shodan Query: http.html:"IBM WebSphere Portal"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/wps/portal/client/w.../wps/portal/!ut/p/z1.../wps/portal/!ut/p/z1...(+2 paths)
Matching conditions
word: Friendly path, IBM WebSphere Portaland
word: text/htmland
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability