Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The Limesurvey Installer Exposure module is designed to detect misconfigurations in the Limesurvey installation process. Limesurvey is a popular open-source survey application used for conducting online surveys, assessments, and polls. This module focuses on identifying vulnerabilities related to the Limesurvey installer.
This module has a high severity level, indicating that the identified misconfigurations can potentially lead to security risks if not addressed.
Author: DhiyaneshDk
If misconfigurations are found in the Limesurvey installer, it could expose sensitive information or provide unauthorized access to the installation process. Attackers may exploit these vulnerabilities to gain control over the survey application or compromise the integrity of the installation.
The Limesurvey Installer Exposure module performs HTTP requests to the targeted Limesurvey installation. It checks for specific conditions to determine if misconfigurations exist.
One example of an HTTP request sent by this module is:
GET /index.php?r=installer/welcome
The module then applies matching conditions to the response received from the server. The following conditions are checked:
- The response body must contain the words "LimeSurvey installer," "Progress," and "Your preferred language will be used throughout the installation process." - The response header must contain the word "text/html." - The HTTP status code must be 200 (OK).If all of these conditions are met, the module identifies a potential misconfiguration in the Limesurvey installer.
Note: The module's JSON definition contains additional technical details and configurations, but they are not included in this description for simplicity.
Metadata:
Verified: true
Shodan-query: html:"Limesurvey Installer"