PMM Installation Wizard

By kannthu

Severity: High
Vidoc Module
#misconfig #exposure #install #pmm
Description

What is the "PMM Installation Wizard"?

The PMM Installation Wizard is a module designed to detect misconfigurations and vulnerabilities related to the installation process of PMM (Percona Monitoring and Management). PMM is a free and open-source platform used for monitoring and managing the performance of MySQL and MongoDB databases.

This module has a high severity level, indicating that it targets critical issues that can potentially lead to security breaches or system failures.

Impact

Misconfigurations or vulnerabilities in the PMM installation process can expose sensitive information or allow unauthorized access to the system. This can result in data breaches, compromised database performance, or unauthorized control over the monitored databases.

How does the module work?

The PMM Installation Wizard module works by sending HTTP requests to specific paths on the target system. It then applies matching conditions to determine if the installation process is vulnerable or misconfigured.

For example, one of the HTTP requests sent by this module is a GET request to the path "/password-page/ovf/account-credentials-ovf". The module checks if the response body contains the phrase "PMM Installation Wizard", the response header includes "text/html", and the response status is 200 (OK).

If all the matching conditions are met, the module reports a vulnerability or misconfiguration related to the PMM installation process.

Note: The above description provides an overview of the module's purpose, impact, and how it works. For more technical details and the actual JSON definitions, please refer to the module's documentation.
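The three matching conditions described above, combined with AND and evaluated offline over constructed responses, show which near-misses the check does not report. This is an added example, not Vidoc's module code; the `Response` class, the helper names, the sample responses and the case-insensitive header comparison are assumptions of the example.

```python
from dataclasses import dataclass, field

# Path and matcher values come from the module description above.
WIZARD_PATH = "/password-page/ovf/account-credentials-ovf"

@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

def body_has(word):
    return lambda r: word in r.body

def headers_have(word):
    # Assumption: header lines are compared case-insensitively.
    return lambda r: any(word.lower() in f"{k}: {v}".lower()
                         for k, v in r.headers.items())

def status_is(code):
    return lambda r: r.status == code

MATCHERS = [
    ("body word", body_has("PMM Installation Wizard")),
    ("header word", headers_have("text/html")),
    ("status", status_is(200)),
]

def evaluate(resp):
    """AND all matchers; return (matched, names of the matchers that failed)."""
    failed = [name for name, check in MATCHERS if not check(resp)]
    return (not failed, failed)

# Constructed responses to GET WIZARD_PATH, not captured from a real host.
SAMPLES = {
    "wizard_exposed": Response(200, {"Content-Type": "text/html; charset=utf-8"},
                               "<html><title>PMM Installation Wizard</title></html>"),
    "login_redirect": Response(302, {"Content-Type": "text/html", "Location": "/login"}),
    "json_mention": Response(200, {"Content-Type": "application/json"},
                             '{"doc": "PMM Installation Wizard"}'),
    "soft_404": Response(200, {"Content-Type": "text/html"}, "<html>Not Found</html>"),
}

def triage(samples=SAMPLES):
    return {name: evaluate(resp) for name, resp in samples.items()}

if __name__ == "__main__":
    for name, (hit, failed) in triage().items():
        print(f"{name:15} {'REPORT' if hit else 'no match'} {failed}")
```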

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /password-page/ovf/a...
Matching conditions
word: PMM Installation Wizard and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability