Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "LMSZAI Installer Exposure" module is designed to detect a misconfiguration vulnerability in the LMSZAI - Learning Management System installer. This module targets the Blesta platform and specifically focuses on the installation process. The severity of this vulnerability is classified as high.
Author: DhiyaneshDk
If the LMSZAI installer is exposed due to misconfiguration, it can potentially lead to unauthorized access and compromise of sensitive information. Attackers may exploit this vulnerability to gain control over the system and perform malicious activities.
The "LMSZAI Installer Exposure" module works by sending a GET request to the "/install" path of the targeted system. It then applies a set of matching conditions to determine if the misconfiguration vulnerability exists.
Matching conditions:
- The response body must contain the words "LMSZAI - Learning Management System" and "Configuration". - The response header must include the word "text/html". - The HTTP status code must be 200 (OK).If all of these conditions are met, the module will report the vulnerability.
Example HTTP request:
GET /install
Note: The actual JSON definitions of the module are not shown here for simplicity.