Locklizard Web Viewer Login Panel - Detect

What is the "Locklizard Web Viewer Login Panel - Detect" module?

The "Locklizard Web Viewer Login Panel - Detect" module is designed to detect the presence of the Locklizard Web Viewer login panel. This module is part of the Vidoc platform and is used to perform scanning for misconfigurations, vulnerabilities, or software fingerprints. The severity of this module is classified as informative.

This module was authored by righettod.

Impact

The detection of the Locklizard Web Viewer login panel indicates that the web application may be using the Locklizard PDF security web viewer. This panel is responsible for handling user login and password recovery. The presence of this panel does not necessarily indicate a vulnerability or misconfiguration, but it provides information about the technology stack being used.

How does the module work?

The "Locklizard Web Viewer Login Panel - Detect" module works by sending HTTP requests and matching the responses against predefined conditions. The module checks for the presence of specific words in the response body, such as "Locklizard Web Viewer" and "Did you remember your password?". Additionally, it verifies that the HTTP response status is 200 (OK).

Here is an example of an HTTP request that may be sent by the module:

GET /path/to/login HTTP/1.1
Host: example.com
User-Agent: Vidoc-Scanner

The module uses the following matching conditions:

- Match the words "Locklizard Web Viewer" and "Did you remember your password?" in the response body. - Ensure that the HTTP response status is 200 (OK).

The module combines these conditions using the "and" logical operator.

Reference:

- https://www.locklizard.com/pdf_security_webviewer/

Metadata:

max-request: 1

verified: true

shodan-query: html