Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Plesk-stat (Log analyzer)" module is designed to detect misconfigurations in the Plesk-stat software, which is a log analyzer commonly used in web hosting environments. This module has a low severity level and was authored by th3.d1p4k.
If a misconfiguration is detected by this module, it could potentially expose sensitive information or allow unauthorized access to the Plesk-stat log analyzer. This could lead to security vulnerabilities and compromise the integrity of the system.
The module works by sending a GET request to the "/plesk-stat/" path and then applying a series of matching conditions to determine if a misconfiguration exists. The matching conditions include checking for a successful HTTP status code (200), specific words in the response body ("Index of /plesk-stat" and "Parent Directory"), and specific words related to log analyzer files ("anon_ftpstat", "ftpstat", "webstat-ssl", "webstat").
For example, if the response body contains any of the specified words, the module will consider it a match and report a vulnerability.
It's important to note that this module is just one test case within the Vidoc platform, which utilizes multiple modules to perform scanning and identify potential security issues.
For more information, you can refer to the Webalizer website.