Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Somansa DLP Login Panel - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#panel#somansa#dlp
Description

What is the "Somansa DLP Login Panel - Detect?"

The "Somansa DLP Login Panel - Detect" module is designed to detect the presence of the Somansa Data Loss Prevention (DLP) login panel. This module focuses on identifying potential misconfigurations or vulnerabilities related to the Somansa DLP software.

The severity of this module is classified as informative, meaning it provides valuable information about the presence of the Somansa DLP login panel but does not indicate an immediate security risk.

This module was authored by gy741 and ritikchaddha.

Impact

The detection of the Somansa DLP login panel can provide insights into the presence and configuration of the Somansa DLP software within a target system. This information can be useful for security assessments and identifying potential areas of concern related to data loss prevention.

How does the module work?

The "Somansa DLP Login Panel - Detect" module utilizes HTTP request templates and matching conditions to identify the presence of the Somansa DLP login panel. It sends specific GET requests to the target system, including paths such as "/DLPCenter/loginform.sms" and "/DLPCenter/images/favicon.ico".

The module applies two matching conditions to determine if the Somansa DLP login panel is present:

    - The first condition checks the response body for the presence of the "/DLPCenter/js/" and "SOMANSA" keywords. This condition is case-insensitive and requires both keywords to be present. - The second condition utilizes a DSL (Domain Specific Language) expression to evaluate the response status code and a hash-based comparison. It checks if the status code is 200 and if the hash of the response body matches a specific value.

If either of these conditions is met, the module considers the Somansa DLP login panel to be detected.

For example, one of the HTTP requests sent by the module could be:

GET /DLPCenter/loginform.sms

Overall, the module provides a reliable method for identifying the presence of the Somansa DLP login panel based on specific matching conditions.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/DLPCenter/loginform.../DLPCenter/images/fa...
Matching conditions
word: /DLPCenter/js/, SOMANSAor
dsl: status_code==200 && ("-1217239281" == mm...
Passive global matcher
No matching conditions.
On match action
Report vulnerability