
Oxid EShop Installer Exposure

By kannthu

High
Vidoc Module
#misconfig #oxid #eshop #install #exposure
Description

What is the "Oxid EShop Installer Exposure"?

The "Oxid EShop Installer Exposure" module is designed to detect a misconfiguration vulnerability in the OXID eShop installation. OXID eShop is an open-source e-commerce platform used by businesses to create online stores. This module focuses on identifying a specific misconfiguration that could potentially expose sensitive information or allow unauthorized access to the installation.

This module has a high severity level, indicating that if the misconfiguration is present, it could pose a significant risk to the security of the e-commerce platform.

This module was authored by ritikchaddha.

Impact

If the misconfiguration detected by this module is present, it could lead to various security issues, including:

- Potential exposure of sensitive information
- Unauthorized access to the OXID eShop installation
- Possible compromise of customer data
- Increased risk of cyber attacks

How does the module work?

The "Oxid EShop Installer Exposure" module works by sending an HTTP GET request to the "/Setup/index.php/" path of the OXID eShop installation. It then applies matching conditions to determine if the misconfiguration is present.

The matching conditions for this module are:

- The response body must contain the words "OXID eShop installation" and "System Requirements".
- The HTTP response status code must be 200.

If both matching conditions are met, the module will report a vulnerability.

Here is an example of the HTTP request sent by the module:

GET /Setup/index.php/ HTTP/1.1
Host: [target_host]

Please note that [target_host] should be replaced with the actual host of the OXID eShop installation.

It is important to address any misconfigurations detected by this module promptly to ensure the security of the OXID eShop installation and protect sensitive data.
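
The matching logic described above, written out as an added example for checking hosts you operate (this is not Vidoc's module code). The names `installer_exposed` and `check_host` and the sample responses are constructed for illustration; case-sensitive word matching and not following redirects are assumptions.

```python
"""Check your own OXID eShop hosts for a reachable installer (added example)."""
import urllib.error
import urllib.request

SETUP_PATH = "/Setup/index.php/"  # path from the module description
REQUIRED_WORDS = ("OXID eShop installation", "System Requirements")


def installer_exposed(status: int, body: str) -> bool:
    """Both matchers must hold: status 200 AND every word present in the body."""
    return status == 200 and all(word in body for word in REQUIRED_WORDS)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses as-is so a redirect target's 200 is not misread."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def check_host(base_url: str, timeout: float = 10.0) -> bool:
    """Fetch the setup path from a host you operate and apply the matchers."""
    opener = urllib.request.build_opener(_NoRedirect)
    url = base_url.rstrip("/") + SETUP_PATH
    try:
        with opener.open(url, timeout=timeout) as resp:
            status = resp.status
            body = resp.read(1_000_000).decode("utf-8", errors="replace")
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx: status matcher fails
        status, body = err.code, ""
    except (urllib.error.URLError, OSError):  # unreachable: nothing to report
        return False
    return installer_exposed(status, body)


# Constructed sample responses (not captured from a real shop).
SAMPLES = {
    "installer reachable": (200, "<h1>OXID eShop installation</h1><li>System Requirements</li>"),
    "setup removed": (404, "<h1>Not Found</h1>"),
    "one word only": (200, "<title>OXID eShop installation</title>"),
    "words present but blocked": (403, "OXID eShop installation System Requirements"),
}

if __name__ == "__main__":
    for name, (status, body) in SAMPLES.items():
        print(f"{name}: {'EXPOSED' if installer_exposed(status, body) else 'ok'}")
```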

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /Setup/index.php/
Matching conditions
word: OXID eShop installation, System Requirem...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability