phpPgAdmin Login Panel - Detect

What is the "phpPgAdmin Login Panel - Detect?" module?

The "phpPgAdmin Login Panel - Detect" module is designed to detect the presence of the phpPgAdmin login panel. phpPgAdmin is a web-based administration tool for managing PostgreSQL databases. This module focuses on identifying the login panel and does not perform any further actions.

This module has an informative severity level, meaning it provides valuable information but does not indicate a vulnerability or misconfiguration.

Author: Ganofins, Nullfuzz

Impact

This module does not have any direct impact as it only detects the presence of the phpPgAdmin login panel. However, the existence of the login panel may indicate potential access to the PostgreSQL database management system.

How does the module work?

The module works by sending an HTTP GET request to the "/phppgadmin/" path. It then applies two matching conditions to determine if the phpPgAdmin login panel is present.

The first condition checks if the response status code is 200 (OK) and if the response body contains the strings "intro.php" and "browser.php".

status_code == 200
contains(body, `intro.php`) && contains(body, `browser.php`)

The second condition checks if the response status code is 200 (OK) and if the response body contains the string "<title>phpPgAdmin".

status_code == 200
contains(body, `<title>phpPgAdmin`)

If either of these conditions is met, the module considers the phpPgAdmin login panel to be detected.

For more information, you can refer to the official documentation.

Metadata:

- max-request: 2 - verified: true - shodan-query: htt