Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

QNAP Turbo NAS Login Panel - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#panel#qnap#qts
Description

What is the "QNAP Turbo NAS Login Panel - Detect?"

The "QNAP Turbo NAS Login Panel - Detect" module is designed to detect the presence of the QNAP QTS login panel. QNAP QTS is a software platform used in QNAP Turbo NAS devices. This module focuses on identifying the login panel and does not perform any further actions. The severity of this module is classified as informative, meaning it provides valuable information but does not indicate a vulnerability or misconfiguration.

This module was authored by idealphase and daffainfo.

Impact

This module does not have any direct impact as it only detects the presence of the QNAP QTS login panel. It does not perform any actions or exploit any vulnerabilities.

How does the module work?

The "QNAP Turbo NAS Login Panel - Detect" module works by sending an HTTP GET request to the "/cgi-bin/html/login.html" path on the target QNAP Turbo NAS device. It then applies two matching conditions to determine if the login panel is present:

    - The module checks if the response body contains the string "QNAP Turbo NAS". This indicates that the login panel page has been successfully retrieved. - The module verifies that the HTTP response status code is 200, indicating a successful request.

If both matching conditions are met, the module reports the detection of the QNAP QTS login panel.

For example, the module sends the following HTTP GET request:

GET /cgi-bin/html/login.html

The module then checks if the response body contains the string "QNAP Turbo NAS" and if the HTTP response status code is 200.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/cgi-bin//cgi-bin/html/login....
Matching conditions
word: QNAP Turbo NAS</title>and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability