Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "osTicket Installer Panel - Detect" module is designed to detect the presence of the osTicket installer panel. osTicket is a popular open-source ticketing system used for managing customer support requests. This module focuses on identifying misconfigurations or vulnerabilities in the osTicket installer panel.
This module has a severity level of critical, indicating that any issues detected can have a significant impact on the security and functionality of the osTicket installation.
If the module detects any misconfigurations or vulnerabilities in the osTicket installer panel, it could potentially allow unauthorized access, data breaches, or other security risks. It is crucial to address any issues identified by this module promptly to ensure the integrity and security of the osTicket installation.
The "osTicket Installer Panel - Detect" module works by sending HTTP requests to specific paths associated with the osTicket installer panel, namely "/upload/setup/install.php" and "/setup/install.php". It then applies matching conditions to determine if the panel is present and if any misconfigurations or vulnerabilities exist.
Here is an example of an HTTP request sent by the module:
GET /upload/setup/install.php
The module applies the following matching conditions:
- The response body must contain the word "<title>osTicket Installer
"
- The response body must not contain the phrase "already installed"
- The HTTP response status code must be 200
If all the matching conditions are met, the module identifies the presence of the osTicket installer panel and reports any detected misconfigurations or vulnerabilities.