Odoo - Database Manager Discovery

By kannthu

Critical
Vidoc Module
#panel #odoo #backup
Description

What is "Odoo - Database Manager Discovery"?

The "Odoo - Database Manager Discovery" module is designed to detect the presence of the Odoo database manager. Odoo is a popular open-source business management software that offers a range of applications for various business needs. This module focuses on identifying the database manager component of Odoo.

This module has a severity level of critical, indicating that the presence of the Odoo database manager could pose a significant security risk if misconfigured or vulnerable.

The original authors of this module are Fazal and R3dg33k.

Impact

The presence of the Odoo database manager can have various implications depending on the specific configuration and vulnerabilities present. If misconfigured or left unprotected, it could potentially expose sensitive data or allow unauthorized access to the database.

How does the module work?

The "Odoo - Database Manager Discovery" module works by sending a specific HTTP request to the target system and then applying matching conditions to determine if the Odoo database manager is present.

One example of an HTTP request used by this module is:

GET /web/database/manager

The module applies the following matching conditions:

- The response body must contain the HTML title tag "<title>Odoo</title>" and the class ".o_database_delete".
- The HTTP response status code must be 200.

If both conditions are met, the module considers the Odoo database manager to be present.
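The two matching conditions above, applied to an inventory of your own Odoo hosts, as an added example (not Vidoc's or the module authors' code). The function names, the example hosts and the sample responses are constructed for illustration, and the word matcher is assumed to be a plain substring test.

```python
import urllib.error
import urllib.request

PROBE_PATH = "/web/database/manager"   # request path given on this page
REQUIRED_STATUS = 200                  # status matcher given on this page
# Word matchers given on this page, combined with AND. Assumption: plain substring test.
REQUIRED_WORDS = ("<title>Odoo</title>", ".o_database_delete")

def manager_exposed(status, body):
    """True only if the status matches and every required word is in the body."""
    return status == REQUIRED_STATUS and all(w in body for w in REQUIRED_WORDS)

def http_fetch(url, timeout=10):
    """Return (status, body); HTTP errors keep their code, network errors give None."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""
    except OSError:  # URLError is a subclass: DNS failure, refused, timeout
        return None, ""

def audit(base_urls, fetch=http_fetch):
    """Probe each base URL from your own inventory; return the ones that match."""
    exposed = []
    for base in base_urls:
        status, body = fetch(base.rstrip("/") + PROBE_PATH)
        if manager_exposed(status, body):
            exposed.append(base)
    return exposed

# Constructed responses (hypothetical hosts, not captured traffic), keyed by probe URL.
SAMPLE = {
    "https://erp-a.example" + PROBE_PATH:  # both words, status 200
        (200, "<title>Odoo</title><script>$('.o_database_delete')</script>"),
    "https://erp-b.example" + PROBE_PATH:  # title only, second word missing
        (200, "<title>Odoo</title><form class='login'></form>"),
    "https://erp-c.example" + PROBE_PATH:  # both words but not status 200
        (403, "<title>Odoo</title> .o_database_delete"),
}

def sample_fetch(url):
    """Offline stand-in for http_fetch that serves the constructed responses."""
    return SAMPLE.get(url, (None, ""))

if __name__ == "__main__":
    hosts = ["https://erp-a.example", "https://erp-b.example/", "https://erp-c.example"]
    print(audit(hosts, fetch=sample_fetch))
```

Only the first constructed host satisfies both conditions; the second has the title but not the second word, and the third has both words but the wrong status.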

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /web/database/manage...
Matching conditions
word: <title>Odoo</title>, .o_database_delete (and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability