Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Odoo - Database Manager Discovery" module is designed to detect the presence of the Odoo database manager. Odoo is a popular open-source business management software that offers a range of applications for various business needs. This module focuses on identifying the database manager component of Odoo.
This module has a severity level of critical, indicating that the presence of the Odoo database manager could pose a significant security risk if misconfigured or vulnerable.
The original author of this module is Fazal and R3dg33k.
The presence of the Odoo database manager can have various implications depending on the specific configuration and vulnerabilities present. If misconfigured or left unprotected, it could potentially expose sensitive data or allow unauthorized access to the database.
The "Odoo - Database Manager Discovery" module works by sending a specific HTTP request to the target system and then applying matching conditions to determine if the Odoo database manager is present.
One example of an HTTP request used by this module is:
GET /web/database/manager
The module applies the following matching conditions:
- The response body must contain the HTML title tag "<title>Odoo</title>
" and the class ".o_database_delete
".
- The HTTP response status code must be 200.
If both conditions are met, the module considers the Odoo database manager to be present.