
TIBCO Jaspersoft Login Panel - Detect

By kannthu

Informative
Vidoc Module
#panel #jaspersoft
Description

What is the "TIBCO Jaspersoft Login Panel - Detect" module?

The "TIBCO Jaspersoft Login Panel - Detect" module is designed to detect the presence of the TIBCO Jaspersoft login panel. It targets the TIBCO JasperReports Server, a popular reporting and analytics software. This module is classified as informative, meaning it provides valuable information but does not indicate a vulnerability or misconfiguration.

Author: koti2, daffainfo

Impact

This module does not have a direct impact on the system. It simply detects the presence of the TIBCO Jaspersoft login panel, providing information about its existence.

How does the module work?

The module works by sending HTTP requests to specific paths associated with the TIBCO Jaspersoft login panel. It checks for specific words in the response body, such as "TIBCO Jaspersoft: Login" and "Could not login to JasperReports Server." Additionally, it verifies that the response status is 200 (OK).

Example HTTP request:

GET /jasperserver/login.html?error=1

The module uses the following matching conditions:

- Word matchers: It checks if any of the specified words are present in the response body, including "TIBCO Jaspersoft: Login", "Could not login to JasperReports Server", and "About TIBCO JasperReports Server".
- Status matcher: It verifies that the response status is 200 (OK).

The module considers the conditions met if all the matchers evaluate to true.
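The matching logic described above, as an added example (not Vidoc's or the template authors' code): it evaluates already-captured responses offline, which suits checking saved responses from your own asset inventory. The `Response` type, the function names and the sample responses are constructed for illustration, and case-sensitive substring matching is an assumption.

```python
from dataclasses import dataclass

# Words listed on the page; the word matcher passes if ANY is in the body.
# Assumption: matching is a case-sensitive substring test.
PANEL_WORDS = (
    "TIBCO Jaspersoft: Login",
    "Could not login to JasperReports Server",
    "About TIBCO JasperReports Server",
)
EXPECTED_STATUS = 200


@dataclass(frozen=True)
class Response:
    """Minimal view of a captured HTTP response (hypothetical helper type)."""
    status: int
    body: str


def word_matcher(resp):
    """Return the listed words found in the body (empty list = no match)."""
    return [w for w in PANEL_WORDS if w in resp.body]


def status_matcher(resp):
    """True only for the status code the module expects."""
    return resp.status == EXPECTED_STATUS


def is_jaspersoft_login_panel(resp):
    """All matchers must be true: word matcher AND status matcher."""
    return bool(word_matcher(resp)) and status_matcher(resp)


# Constructed sample responses, not captured from a real server.
SAMPLES = {
    "login page": Response(200, "<title>TIBCO Jaspersoft: Login</title>"),
    "failed login": Response(200, "<p>Could not login to JasperReports Server.</p>"),
    "redirect": Response(302, "<title>TIBCO Jaspersoft: Login</title>"),
    "other app": Response(200, "<title>Sign in</title>"),
    "case differs": Response(200, "<title>tibco jaspersoft: login</title>"),
}


def classify(samples):
    """Map each sample name to whether both matchers passed."""
    return {name: is_jaspersoft_login_panel(r) for name, r in samples.items()}


if __name__ == "__main__":
    for name, hit in classify(SAMPLES).items():
        print(f"{name:13} -> {'match' if hit else 'no match'}")
```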

Metadata:

- CWE-ID: CWE-200
- CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N
- max-request: 2
- shodan-query: http.title:"Jaspersoft"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/jasperserver/login..../jasperserver-pro/lo...
Matching conditions
word: TIBCO Jaspersoft: Login, Could not login...
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability