Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

PHP-FPM Status

By kannthu

Vidoc logoVidoc Module

PHP-FPM Status Module

What is the "PHP-FPM Status" module?

The "PHP-FPM Status" module is a test case designed to detect misconfigurations or vulnerabilities in PHP-FPM, a FastCGI Process Manager for PHP. It is an informative module that provides insights into the status of the PHP-FPM service.

This module has a severity level of "informative," meaning it provides valuable information but does not indicate a direct security risk.

Author: geeknik


This module does not have a direct impact on the system. It is used to gather information about the PHP-FPM service, such as the pool configuration, process manager details, start time, and process ID.

How does the module work?

The "PHP-FPM Status" module sends an HTTP GET request to the "/status?full" endpoint of the PHP-FPM service. It then applies matching conditions to determine if the response indicates a successful status and contains specific keywords related to the PHP-FPM service.

Example HTTP request:

GET /status?full

The module uses the following matching conditions:

- The response must have a status code of 200. - The response body must contain the following keywords: "pool:", "process manager:", "start time:", and "pid:".

If all matching conditions are met, the module reports a successful match.

Module preview

Concurrent Requests (1)
1. HTTP Request template
Matching conditions
word: pool:, process manager:, start time:, pi...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability