Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

PRTG Traffic Grapher - Unauthenticated Access

By kannthu

High
Vidoc logoVidoc Module
#config#unauth#prtg#edb
Description

What is "PRTG Traffic Grapher - Unauthenticated Access?"

The "PRTG Traffic Grapher - Unauthenticated Access" module is designed to detect a misconfiguration vulnerability in the PRTG Traffic Grapher software. This vulnerability allows unauthorized access to the software without the need for authentication. The severity of this vulnerability is classified as high.

This module was authored by dhiyaneshDK.

Impact

If exploited, this vulnerability could allow attackers to gain unauthorized access to the PRTG Traffic Grapher software. This can lead to potential data breaches, unauthorized monitoring of network traffic, and other malicious activities.

How the module works?

The module works by sending an HTTP GET request to the "/sensorlist.htm" path of the target system. It then applies matching conditions to determine if the PRTG Traffic Grapher software is present and if the response status is 200 (OK).

The matching conditions used in this module are:

- The response must contain the word "PRTG Traffic Grapher". - The response status must be 200 (OK).

If both conditions are met, the module reports a vulnerability.

Example HTTP request:

GET /sensorlist.htm

Note: The module definition in JSON format is not shown here for simplicity.

Reference:

- https://www.exploit-db.com/ghdb/5808

Metadata:

max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/sensorlist.htm
Matching conditions
word: PRTG Traffic Grapherand
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability