Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

osTicket Installer Panel - Detect

By kannthu

Critical
Vidoc logoVidoc Module
#panel#osticket#install
Description

What is the "osTicket Installer Panel - Detect?"

The "osTicket Installer Panel - Detect" module is designed to detect the presence of the osTicket installer panel. osTicket is a popular open-source ticketing system used for managing customer support requests. This module focuses on identifying misconfigurations or vulnerabilities in the osTicket installer panel.

This module has a severity level of critical, indicating that any issues detected can have a significant impact on the security and functionality of the osTicket installation.

Impact

If the module detects any misconfigurations or vulnerabilities in the osTicket installer panel, it could potentially allow unauthorized access, data breaches, or other security risks. It is crucial to address any issues identified by this module promptly to ensure the integrity and security of the osTicket installation.

How the module works?

The "osTicket Installer Panel - Detect" module works by sending HTTP requests to specific paths associated with the osTicket installer panel, namely "/upload/setup/install.php" and "/setup/install.php". It then applies matching conditions to determine if the panel is present and if any misconfigurations or vulnerabilities exist.

Here is an example of an HTTP request sent by the module:

GET /upload/setup/install.php

The module applies the following matching conditions:

- The response body must contain the word "<title>osTicket Installer" - The response body must not contain the phrase "already installed" - The HTTP response status code must be 200

If all the matching conditions are met, the module identifies the presence of the osTicket installer panel and reports any detected misconfigurations or vulnerabilities.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/upload/setup/instal.../setup/install.php
Matching conditions
word: <title>osTicket Installerand
NOT word: already installedand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability