JBoss Management Console Server Information Page - Detect

By kannthu

Informative
Vidoc Module
#jboss #unauth #edb
Description

What is "JBoss Management Console Server Information Page - Detect"?

The "JBoss Management Console Server Information Page - Detect" module is designed to detect the presence of the JBoss Management Console server information page. This module focuses on identifying misconfigurations or vulnerabilities related to the JBoss Management Console.

The severity of this module is classified as informative, meaning it provides valuable information about the target system but does not pose an immediate security risk.

This module was authored by dhiyaneshDK.

Impact

The detection of the JBoss Management Console server information page does not directly impact the security of the target system. However, it may reveal sensitive information about the server configuration, which could potentially be exploited by attackers to gain further access or gather intelligence about the system.

How does the module work?

The module sends a GET request to the "/web-console/ServerInfo.jsp" path of the target system. It then applies two matching conditions to determine if the JBoss Management Console server information page is present:

- Matcher 1: The response body must contain the words "Application Server" and "Management Console".
- Matcher 2: The response status code must be 200 (OK).

If both matching conditions are met, the module reports the detection of the JBoss Management Console server information page.

For example, the module may send the following HTTP request:

GET /web-console/ServerInfo.jsp

The module then analyzes the response to determine if it matches the specified conditions.
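
The two matching conditions above, written as a self-check for servers you administer. This is an added example, not Vidoc's module code; the function names, the constructed sample responses and the case-sensitive substring comparison are assumptions.

```python
import urllib.error
import urllib.request

PATH = "/web-console/ServerInfo.jsp"                   # path from the module description
WORDS = ("Application Server", "Management Console")   # Matcher 1: all must appear
EXPECTED_STATUS = 200                                  # Matcher 2


def evaluate(status, body):
    """Return each matcher's result plus the combined (AND) verdict."""
    word_hit = all(w in body for w in WORDS)   # assumption: case-sensitive substrings
    status_hit = status == EXPECTED_STATUS
    return {"word": word_hit, "status": status_hit,
            "exposed": word_hit and status_hit}


def audit_host(base_url, timeout=5):
    """Fetch the page from a server you administer and evaluate the matchers."""
    req = urllib.request.Request(base_url.rstrip("/") + PATH, method="GET")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            status = resp.status
            body = resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:      # 401/403/404 arrive as exceptions
        status = err.code
        body = err.read(65536).decode("utf-8", "replace")
    return evaluate(status, body)


# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "open console": (200, "<title>JBoss Management Console</title>"
                          "<h2>Application Server</h2>"),
    "auth required": (401, "Application Server Management Console: login required"),
    "unrelated 200": (200, "<h1>Application Server status</h1>"),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(name, evaluate(status, body))
```

The "auth required" sample satisfies the word matcher but not the status matcher, so a console that answers 401 is not reported.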

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /web-console/ServerI...
Matching conditions
word: Application Server, Management Console
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability