Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Jedox Web Login Panel - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#panel#jedox#detect
Description

What is the "Jedox Web Login Panel - Detect" module?

The "Jedox Web Login Panel - Detect" module is designed to detect misconfigurations in the Jedox Web login panel. Jedox is an Enterprise Performance Management software used for planning, analytics, and reporting in various areas such as finance, sales, human resources, and procurement. This module focuses on identifying vulnerabilities in the login panel, which can help improve the overall security of the Jedox software.

Severity: Informative

Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER, Michael WEDL

Impact

This module aims to identify potential misconfigurations in the Jedox Web login panel. By detecting these issues, administrators can take appropriate actions to secure the login panel and prevent unauthorized access or data breaches.

How does the module work?

The module utilizes HTTP request templates and matching conditions to identify misconfigurations in the Jedox Web login panel. It sends a GET request to the "/ui/login/" path and applies the following matching conditions:

- The response body must contain the words "Jedox Web - Login" or "guide-jedox-software". - The response status code must be 200.

If both matching conditions are met, the module considers the login panel to be potentially misconfigured.

Example HTTP request:

GET /ui/login/ HTTP/1.1
Host: [target_host]

Note: Replace "[target_host]" with the actual target host.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/ui/login/
Matching conditions
word: Jedox Web - Login, guide-jedox-softwareand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability