Limesurvey Installer Exposure

By kannthu

Severity: High
Vidoc Module
#misconfig #limesurvey #install
Description

What is the Limesurvey Installer Exposure?

The Limesurvey Installer Exposure module is designed to detect misconfigurations in the Limesurvey installation process. Limesurvey is a popular open-source survey application used for conducting online surveys, assessments, and polls. This module focuses on identifying vulnerabilities related to the Limesurvey installer.

This module has a high severity level, indicating that the identified misconfigurations can potentially lead to security risks if not addressed.

Author: DhiyaneshDk

Impact

If misconfigurations are found in the Limesurvey installer, they could expose sensitive information or allow unauthorized access to the installation process. Attackers may exploit these vulnerabilities to gain control over the survey application or compromise the integrity of the installation.

How does the module work?

The Limesurvey Installer Exposure module performs HTTP requests to the targeted Limesurvey installation. It checks for specific conditions to determine if misconfigurations exist.

One example of an HTTP request sent by this module is:

GET /index.php?r=installer/welcome

The module then applies matching conditions to the response received from the server. The following conditions are checked:

- The response body must contain the words "LimeSurvey installer", "Progress", and "Your preferred language will be used throughout the installation process."
- The response header must contain the word "text/html".
- The HTTP status code must be 200 (OK).

If all of these conditions are met, the module identifies a potential misconfiguration in the Limesurvey installer.

Note: The module's JSON definition contains additional technical details and configurations, but they are not included in this description for simplicity.
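
The three matching conditions above, written out as a check a team can run against a LimeSurvey deployment it administers. This is an added example, not Vidoc's module code: the `Response` class, the function names and the sample responses are constructed for illustration, and exact-case substring matching is an assumption.

```python
import urllib.error
import urllib.request
from dataclasses import dataclass

INSTALLER_PATH = "/index.php?r=installer/welcome"   # request path from the page
BODY_WORDS = (                                       # body strings from the page
    "LimeSurvey installer",
    "Progress",
    "Your preferred language will be used throughout the installation process.",
)

@dataclass
class Response:          # hypothetical container, not a Vidoc type
    status: int
    headers: dict
    body: str

def failed_conditions(resp):
    """Return the names of the conditions the response does NOT satisfy."""
    failed = []
    if resp.status != 200:
        failed.append("status")
    header_text = "\n".join(f"{k}: {v}" for k, v in resp.headers.items())
    if "text/html" not in header_text:       # assumption: exact-case substring match
        failed.append("header")
    if not all(word in resp.body for word in BODY_WORDS):
        failed.append("body")
    return failed

def installer_exposed(resp):
    """All three conditions are ANDed: any failure means no finding."""
    return not failed_conditions(resp)

def fetch(base_url, timeout=10):
    """Request the installer path on a deployment you administer."""
    url = base_url.rstrip("/") + INSTALLER_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as r:
            return Response(r.status, dict(r.headers), r.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as e:
        return Response(e.code, dict(e.headers), e.read().decode("utf-8", "replace"))

# Constructed sample responses (not captured from a real server).
_HTML = {"Content-Type": "text/html; charset=UTF-8"}
EXPOSED = Response(200, _HTML, "<title>LimeSurvey installer</title><h2>Progress</h2>"
                   "<p>Your preferred language will be used throughout the installation process.</p>")
INSTALLED = Response(200, _HTML, "<title>LimeSurvey</title><p>Progress</p>")
BLOCKED = Response(403, _HTML, "Forbidden")
```

`failed_conditions` shows which condition kept a response from matching, which helps when confirming that a remediation (for example, blocking the installer route) actually changed the outcome.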

Metadata:

Verified: true

Shodan-query: html:"Limesurvey Installer"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /index.php?r=install...
Matching conditions
word: LimeSurvey installer, Progress, Your pre... and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability