Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "PHP-FPM Status" module is a test case designed to detect misconfigurations or vulnerabilities in PHP-FPM, a FastCGI Process Manager for PHP. It is an informative module that provides insights into the status of the PHP-FPM service.
This module has a severity level of "informative," meaning it provides valuable information but does not indicate a direct security risk.
Author: geeknik
This module does not have a direct impact on the system. It is used to gather information about the PHP-FPM service, such as the pool configuration, process manager details, start time, and process ID.
The "PHP-FPM Status" module sends an HTTP GET request to the "/status?full" endpoint of the PHP-FPM service. It then applies matching conditions to determine if the response indicates a successful status and contains specific keywords related to the PHP-FPM service.
Example HTTP request:
GET /status?full
The module uses the following matching conditions:
- The response must have a status code of 200. - The response body must contain the following keywords: "pool:", "process manager:", "start time:", and "pid:".If all matching conditions are met, the module reports a successful match.