PgHero Dashboard Exposure Panel - Detect

By kannthu

Medium
Vidoc Module
#exposure #panel #pghero
Description

What is the "PgHero Dashboard Exposure Panel - Detect"?

The "PgHero Dashboard Exposure Panel - Detect" module is designed to detect the presence of the PgHero Dashboard Exposure panel. PgHero is a performance dashboard for Postgres databases that provides insights and monitoring capabilities. This module specifically focuses on identifying the exposure panel, which may indicate potential security risks or misconfigurations.

This module has a medium severity level, indicating that while it may not pose an immediate threat, it should still be addressed to ensure the security and proper configuration of the PgHero dashboard.

Author: DhiyaneshDk

Impact

The presence of the PgHero Dashboard Exposure panel may expose sensitive information or provide unauthorized access to the PgHero dashboard. This can potentially lead to data breaches, unauthorized modifications, or other security vulnerabilities.

How does the module work?

The module works by sending an HTTP GET request to the "/connections" endpoint of the target system. It then applies matching conditions to determine if the response indicates the presence of the PgHero Dashboard Exposure panel.

Matching conditions:

- The response body must contain the HTML title tag "<title>PgHero / Connections</title>".
- The response status code must be 200.

If both conditions are met, the module considers the PgHero Dashboard Exposure panel to be detected.
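The same two signals can be checked from the server side. The following is an added example, not part of the Vidoc module or the PgHero project: it reads web access-log lines and classifies every GET for the connections page. It assumes Combined Log Format, that the `authuser` field reflects HTTP authentication (an application-level session login still shows `-`), and that the dashboard may be mounted under a prefix such as `/pghero`. The log lines are constructed sample data, and logs cannot confirm the page title, so an "exposed" verdict means a 200 response with no authenticated user.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format: host ident authuser [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def classify(line):
    """Return (client, target, verdict), or None if not a GET for .../connections."""
    m = LOG_RE.match(line)
    if not m or m["method"] != "GET":
        return None
    # Ignore any query string; the module requests /connections at the root.
    # Accepting a mount prefix (e.g. /pghero/connections) is an assumption.
    path = urlsplit(m["target"]).path.rstrip("/")
    if not path.endswith("/connections"):
        return None
    status = int(m["status"])
    if status == 200 and m["user"] == "-":
        verdict = "exposed"        # status the module matches, no authenticated user
    elif status == 200:
        verdict = "authenticated"  # served, but only after HTTP authentication
    elif status in (401, 403):
        verdict = "denied"         # access control answered the request
    else:
        verdict = "other"
    return (m["host"], m["target"], verdict)

def audit(lines):
    """Classify every log line that touches the connections page."""
    return [r for r in map(classify, lines) if r is not None]

# Constructed sample log lines (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:09:14:02 +0000] "GET /connections HTTP/1.1" 200 5120 "-" "probe"',
    '198.51.100.4 - dba [10/Mar/2024:09:15:40 +0000] "GET /pghero/connections HTTP/1.1" 200 5098 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:09:16:11 +0000] "GET /connections HTTP/1.1" 401 0 "-" "probe"',
    '192.0.2.15 - - [10/Mar/2024:09:17:00 +0000] "GET /queries HTTP/1.1" 200 7001 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for client, target, verdict in audit(SAMPLE_LOG):
        print(f"{verdict:13} {client:15} {target}")
```
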

Reference: https://github.com/ankane/pghero

Metadata:

- max-request: 1
- verified: true
- shodan-query: title:

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /connections
Matching conditions
word: <title>PgHero / Connections</title> and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability