Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Oracle ATG Commerce Panel - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#tech#oracle#atg#commerce
Description

What is the "Oracle ATG Commerce Panel - Detect" module?

The "Oracle ATG Commerce Panel - Detect" module is a test case designed to detect the presence of the Oracle ATG Commerce panel. This module focuses on identifying misconfigurations or vulnerabilities related to the Oracle ATG Commerce software. It has an informative severity level, meaning it provides valuable information without posing an immediate threat. The module was authored by Dale Clarke.

Impact

The detection of the Oracle ATG Commerce panel can indicate potential security risks or misconfigurations within the system. It is important to address any identified issues promptly to ensure the security and stability of the Oracle ATG Commerce platform.

How does the module work?

The "Oracle ATG Commerce Panel - Detect" module utilizes HTTP request templates and matching conditions to identify the presence of the Oracle ATG Commerce panel. It performs the following checks:

- Checks the HTTP response headers for the presence of the "x-atg-version" and "atg_session_id" keywords. This helps identify if the Oracle ATG Commerce panel is being used. - Verifies that the HTTP response status code is 200, indicating a successful request.

By combining these matching conditions, the module determines whether the Oracle ATG Commerce panel is present or not.

Example HTTP request:

GET / HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3

The module matches the response headers and status code against the defined conditions to determine if the Oracle ATG Commerce panel is detected.

Module preview

Concurrent Requests (0)
Passive global matcher
word: x-atg-version, atg_session_idand
status: 200
On match action
Report vulnerability