By kannthu
The OrangeHrm Installer module is designed to detect misconfigurations in the OrangeHRM software installation. OrangeHRM is a popular open-source human resource management system used by organizations worldwide. This module focuses on identifying vulnerabilities in the installation process, specifically targeting the OrangeHRM Web Installation Wizard.
This module has a high severity level, indicating that it can potentially expose sensitive information or lead to unauthorized access if misconfigurations are present.
Author: pussycat0x
A misconfiguration detected by the OrangeHrm Installer module can have significant impact, potentially compromising the security and integrity of the OrangeHRM installation. It may allow unauthorized individuals to gain access to sensitive data or perform unauthorized actions within the system.
The OrangeHrm Installer module works by sending HTTP requests to the target system and analyzing the responses based on predefined matching conditions. It specifically targets the "/installer/installerUI.php" path.
Matching conditions:
- The response body must contain the words "OrangeHRM Web Installation Wizard" and "admin user creation".
- The response header must contain the word "text/html".
- The HTTP status code must be 200 (OK).

If all the matching conditions are met, the module will report a vulnerability.
For example, one of the HTTP requests sent by the module:
GET /installer/installerUI.php
Note: The above description provides an overview of the module's functionality and does not include the actual JSON definitions used in the module.
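The three matching conditions above can be evaluated offline against responses collected from your own deployment. The following is an added example, not the module's JSON definition or Vidoc's code: the function names and the sample responses are constructed, and treating the header condition as a substring test over the header block is an assumption.

```python
INSTALLER_PATH = "/installer/installerUI.php"  # path named in the description
BODY_WORDS = ("OrangeHRM Web Installation Wizard", "admin user creation")
HEADER_WORD = "text/html"


def installer_exposed(status, headers, body):
    """Return (matched, failures) for one response to INSTALLER_PATH.

    All three conditions must hold; `failures` lists the ones that did not,
    which is what you want in a triage log when ruling out a false positive.
    """
    failures = []
    if status != 200:
        failures.append(f"status {status} is not 200")
    # Assumption: the header condition is a substring test over all headers.
    header_text = "\r\n".join(f"{k}: {v}" for k, v in headers.items())
    if HEADER_WORD not in header_text:
        failures.append(f"headers lack {HEADER_WORD!r}")
    missing = [w for w in BODY_WORDS if w not in body]
    if missing:
        failures.append("body lacks: " + ", ".join(missing))
    return (not failures, failures)


# Constructed sample responses (not captured from a real system).
SAMPLES = {
    "installer still reachable": (
        200, {"Content-Type": "text/html; charset=UTF-8"},
        "<title>OrangeHRM Web Installation Wizard</title><li>admin user creation</li>"),
    "installer removed after setup": (
        404, {"Content-Type": "text/html"}, "<h1>Not Found</h1>"),
    "page with only one of the two phrases": (
        200, {"Content-Type": "text/html"},
        "<title>OrangeHRM Web Installation Wizard</title>"),
    "both phrases but not an HTML page": (
        200, {"Content-Type": "application/json"},
        '{"q": "OrangeHRM Web Installation Wizard admin user creation"}'),
}


def triage(samples):
    """Map each sample name to whether every matching condition was met."""
    return {name: installer_exposed(*resp)[0] for name, resp in samples.items()}


if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        matched, why = installer_exposed(*resp)
        print(f"{name}: {'MATCH' if matched else 'no match'} {why}")
```

Only the first sample satisfies all three conditions; the others show how requiring both body phrases, the content type and the status code together keeps unrelated pages from being reported.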