Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Lvmeng - UTS Disclosure

By kannthu

High
Vidoc logoVidoc Module
#config#exposure
Description

What is "Lvmeng - UTS Disclosure?"

The "Lvmeng - UTS Disclosure" module is designed to detect vulnerabilities in the Lvmeng UTS software. It focuses on identifying misconfigurations that could potentially lead to security breaches. This module has a high severity level, indicating the importance of addressing any vulnerabilities found. The module was created by an undisclosed author.

Impact

If a vulnerability is detected by the "Lvmeng - UTS Disclosure" module, it could potentially expose sensitive information or allow unauthorized access to the Lvmeng UTS software. This could lead to data breaches, unauthorized modifications, or other security incidents.

How the module works?

The "Lvmeng - UTS Disclosure" module works by sending an HTTP GET request to the "/webapi/v1/system/accountmanage/account" endpoint of the target system. The request includes the "Content-Type" header set to "application/json". The module then applies a series of matching conditions to determine if the response indicates a vulnerability.

The matching conditions include:

- The response status code must be 200. - The response header must contain the word "application/json". - The response body must contain the words "password", "nsfocus_uts", and "MANAGER_IP".

If all of these conditions are met, the module will report a vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/webapi/v1/system/ac...
Headers

Content-Type: application/json

Matching conditions
status: 200and
word: application/jsonand
word: password, nsfocus_uts, MANAGER_IP
Passive global matcher
No matching conditions.
On match action
Report vulnerability