phpBB Installation File Exposure

By kannthu

High
Vidoc Module
#misconfig #phpbb #install #exposure
Description

What is the "phpBB Installation File Exposure"?

The "phpBB Installation File Exposure" module is designed to detect a misconfiguration vulnerability in phpBB installations. phpBB is a popular open-source forum software used to create online communities. This module focuses on identifying instances where the installation files of phpBB are exposed, which can potentially lead to unauthorized access or information disclosure.

This module has a severity level of high, indicating the potential impact of the vulnerability if left unaddressed.

Author: DhiyaneshDk

Impact

If the phpBB installation files are exposed, it can provide valuable information to attackers, such as the version of phpBB being used, the installation path, and potentially sensitive configuration details. This information can be leveraged to launch targeted attacks, exploit known vulnerabilities, or gain unauthorized access to the forum.

How does the module work?

The "phpBB Installation File Exposure" module works by sending a GET request to the "/install/app.php" path of the target website. It then applies a series of matching conditions to determine if the installation files are exposed.

The matching conditions include:

- Body: The response body must contain the words "Installation Panel" and "Introduction".
- Header: The response header must contain the word "text/html".
- Status: The response status code must be 200 (OK).

If all the matching conditions are met, the module identifies the presence of the vulnerability.

Example HTTP request:

GET /install/app.php
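
The matching logic described above, written out as an added example (not Vidoc's own module code): it applies the three conditions with AND semantics to constructed sample responses, including two that satisfy only some of the matchers. The function names, the `check_forum` helper for testing a forum you administer, and the case-sensitive substring matching are assumptions.

```python
import urllib.error
import urllib.request

INSTALL_PATH = "/install/app.php"                    # path the module requests
BODY_WORDS = ("Installation Panel", "Introduction")  # both words must be present
HEADER_WORD = "text/html"


def is_installer_exposed(status, headers, body):
    """AND of the three matchers; case-sensitive substring match is an assumption."""
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items())
    return (status == 200
            and HEADER_WORD in header_blob
            and all(word in body for word in BODY_WORDS))


def check_forum(base_url, timeout=10):
    """Request INSTALL_PATH on a forum you administer and apply the matchers."""
    url = base_url.rstrip("/") + INSTALL_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(1_000_000).decode("utf-8", errors="replace")
            return is_installer_exposed(resp.status, dict(resp.headers.items()), body)
    except urllib.error.HTTPError:
        return False  # 4xx/5xx response: the status matcher cannot pass


# Constructed responses (status, headers, body); not captured from a real server.
SAMPLES = {
    "installer reachable": (200, {"Content-Type": "text/html; charset=UTF-8"},
                            "<h1>Installation Panel</h1><h2>Introduction</h2>"),
    "install directory removed": (404, {"Content-Type": "text/html"},
                                  "<h1>Not Found</h1>"),
    "soft 404 page": (200, {"Content-Type": "text/html"},
                      "<p>Introduction to our community. Page not found.</p>"),
    "wrong content type": (200, {"Content-Type": "application/json"},
                           '{"msg": "Installation Panel Introduction"}'),
}


def evaluate_samples():
    """Return {sample name: matcher verdict} for the constructed responses."""
    return {name: is_installer_exposed(*resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, exposed in evaluate_samples().items():
        print(f"{name:28} exposed={exposed}")
```

Only the first sample satisfies all three matchers; a `False` from `check_forum` means the conditions did not match, and a connection failure is raised rather than reported as "not exposed".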

This module is part of the Vidoc platform, which utilizes multiple modules to perform scanning and identify various security issues in web applications.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /install/app.php
Matching conditions
word: Installation Panel, Introduction
and
word: text/html
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability