Server Status Panel - Detect

What is the "Server Status Panel - Detect" module?

The "Server Status Panel - Detect" module is designed to detect the presence of a server status panel. It targets a specific software and helps identify if the server is misconfigured or vulnerable. The severity of the detected issue is classified as informative. This module was authored by DhiyaneshDK.

Impact

The presence of a server status panel can potentially expose sensitive information about the server's configuration and status. This information can be leveraged by attackers to gain unauthorized access or launch further attacks on the server.

How does the module work?

The "Server Status Panel - Detect" module works by performing HTTP requests and applying matching conditions to identify the presence of a server status panel. It uses the following matching conditions:

- Part: Body, Type: Word - Looks for the presence of the "<title>ServerStatus</title>" tag in the HTML body of the server's response. - Part: Header, Type: Word - Checks if the response header contains the word "text/html". - Part: All, Type: Status - Verifies if the response status code is 200 (OK).

If all the matching conditions are met, the module reports the presence of a server status panel.

Here is an example of an HTTP request that the module might send:

GET / HTTP/1.1
Host: example.com
User-Agent: Vidoc

It is important to note that this module is designed to detect the presence of a server status panel and does not perform any further actions or exploit any vulnerabilities.