Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

LMSZAI Installer Exposure

By kannthu

High
Vidoc logoVidoc Module
#misconfig#blesta#install#exposure
Description

What is the "LMSZAI Installer Exposure?"

The "LMSZAI Installer Exposure" module is designed to detect a misconfiguration vulnerability in the LMSZAI - Learning Management System installer. This module targets the Blesta platform and specifically focuses on the installation process. The severity of this vulnerability is classified as high.

Author: DhiyaneshDk

Impact

If the LMSZAI installer is exposed due to misconfiguration, it can potentially lead to unauthorized access and compromise of sensitive information. Attackers may exploit this vulnerability to gain control over the system and perform malicious activities.

How does the module work?

The "LMSZAI Installer Exposure" module works by sending a GET request to the "/install" path of the targeted system. It then applies a set of matching conditions to determine if the misconfiguration vulnerability exists.

Matching conditions:

- The response body must contain the words "LMSZAI - Learning Management System" and "Configuration". - The response header must include the word "text/html". - The HTTP status code must be 200 (OK).

If all of these conditions are met, the module will report the vulnerability.

Example HTTP request:

GET /install

Note: The actual JSON definitions of the module are not shown here for simplicity.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/install
Matching conditions
word: LMSZAI - Learning Management System, Con...and
word: text/htmland
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability