Plesk-stat (Log analyzer)

By kannthu

Low
Vidoc Module
#config #exposure #plesk
Description

What is "Plesk-stat (Log analyzer)"?

The "Plesk-stat (Log analyzer)" module is designed to detect misconfigurations in the Plesk-stat software, which is a log analyzer commonly used in web hosting environments. This module has a low severity level and was authored by th3.d1p4k.

Impact

If this module detects a misconfiguration, the Plesk-stat log analyzer may be exposing sensitive information or allowing unauthorized access. This could lead to security vulnerabilities and compromise the integrity of the system.

How does the module work?

The module works by sending a GET request to the "/plesk-stat/" path and then applying a series of matching conditions to determine if a misconfiguration exists. The matching conditions include checking for a successful HTTP status code (200), specific words in the response body ("Index of /plesk-stat" and "Parent Directory"), and specific words related to log analyzer files ("anon_ftpstat", "ftpstat", "webstat-ssl", "webstat").

For example, a response with status 200 whose body contains the specified directory-listing words and log analyzer file names is considered a match, and the module reports a vulnerability.
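The matching conditions described above can be evaluated offline against a response saved from your own server. This is an added example, not Vidoc's module code: the name `check_plesk_stat`, the sample responses, and the choice to require both listing words but only one log analyzer name are assumptions.

```python
from html.parser import HTMLParser

LISTING_MARKERS = ("Index of /plesk-stat", "Parent Directory")
STAT_DIRS = ("anon_ftpstat", "ftpstat", "webstat-ssl", "webstat")


class _LinkCollector(HTMLParser):
    """Collect href targets from an auto-generated directory index."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def check_plesk_stat(status, body):
    """Evaluate the three conditions and list the statistics directories exposed."""
    # Assumption: both listing markers are required, any one directory name suffices.
    is_listing = all(m in body for m in LISTING_MARKERS)
    names_stat_dir = any(d in body for d in STAT_DIRS)
    matched = status == 200 and is_listing and names_stat_dir
    # Substring checks cannot tell "webstat" from "webstat-ssl", so compare
    # the link targets exactly to report what is really listed.
    parser = _LinkCollector()
    parser.feed(body)
    listed = {h.strip("/") for h in parser.hrefs}
    exposed = [d for d in STAT_DIRS if d in listed] if matched else []
    return matched, exposed


# Constructed sample responses (not captured from a real host).
EXPOSED = (
    "<html><head><title>Index of /plesk-stat</title></head><body>"
    "<h1>Index of /plesk-stat</h1><ul>"
    '<li><a href="/">Parent Directory</a></li>'
    '<li><a href="anon_ftpstat/">anon_ftpstat/</a></li>'
    '<li><a href="webstat-ssl/">webstat-ssl/</a></li>'
    "</ul></body></html>"
)
LOGIN_PAGE = "<html><body><h1>Plesk</h1><p>webstat requires login</p></body></html>"

if __name__ == "__main__":
    for name, status, body in [("exposed", 200, EXPOSED),
                               ("login page", 200, LOGIN_PAGE),
                               ("forbidden", 403, EXPOSED)]:
        print(name, check_plesk_stat(status, body))
```

The second return value names the statistics directories that are actually linked from the listing, which is what needs access control or removal on the affected host.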

It's important to note that this module is just one test case within the Vidoc platform, which utilizes multiple modules to perform scanning and identify potential security issues.

For more information, you can refer to the Webalizer website.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /plesk-stat/
Matching conditions
status: 200 and
word: Index of /plesk-stat, Parent Directory and
word: anon_ftpstat, ftpstat, webstat-ssl, webs...
Passive global matcher
No matching conditions.
On match action
Report vulnerability