Vtiger CRM Installer Exposure

By kannthu

High
Vidoc Module
#misconfig #vtiger #install #exposure
Description

Vtiger CRM Installer Exposure

What is the "Vtiger CRM Installer Exposure" module?

The "Vtiger CRM Installer Exposure" module is designed to detect a misconfiguration vulnerability in the Vtiger CRM software. Vtiger CRM is a customer relationship management system used by businesses to manage their interactions with customers. This module focuses on a specific vulnerability that can potentially expose sensitive information during the installation process.

This module has a high severity level, indicating that if the vulnerability is present, it can pose a significant risk to the security of the Vtiger CRM installation.

This module was authored by DhiyaneshDk.

Impact

If the "Vtiger CRM Installer Exposure" vulnerability is present, it can allow unauthorized access to sensitive information during the installation process, such as database credentials or other sensitive configuration details. Attackers could exploit this vulnerability to gain unauthorized access to the Vtiger CRM system and potentially compromise the entire CRM infrastructure.

How does the module work?

The "Vtiger CRM Installer Exposure" module works by sending an HTTP GET request to the "/index.php?module=Install&view=Index" endpoint of the Vtiger CRM installation. It then applies a set of matching conditions to determine if the vulnerability is present.

The matching conditions include:

- The response body must contain the words "Installation Wizard" and "Welcome to Vtiger CRM".
- The response headers must include the word "text/html".
- The HTTP status code must be 200 (OK).

If all of these conditions are met, the module identifies the presence of the vulnerability and reports it as a potential security issue.
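The three matching conditions above can be reproduced as a self-audit check for Vtiger hosts you administer. This is an added example, not the Vidoc module's own code; the function names, the substring matching of header and body words, and the sample responses are assumptions made for illustration.

```python
import sys
import urllib.error
import urllib.request

INSTALLER_PATH = "/index.php?module=Install&view=Index"  # endpoint named on the page
BODY_WORDS = ("Installation Wizard", "Welcome to Vtiger CRM")

# Constructed sample responses (status, headers, body); not captured from a real server.
SAMPLE_WIZARD = (200, {"Content-Type": "text/html; charset=UTF-8"},
                 "<title>Installation Wizard</title><h1>Welcome to Vtiger CRM</h1>")
SAMPLE_LOGIN = (200, {"Content-Type": "text/html"}, "<title>Vtiger CRM login</title>")


def installer_exposed(status, headers, body):
    """Return True only when all three matching conditions hold (logical AND)."""
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items())
    return (
        status == 200                                  # status matcher
        and "text/html" in header_blob                 # header word matcher
        and all(word in body for word in BODY_WORDS)   # both body words required
    )


def check_host(base_url, timeout=10):
    """Apply the matchers to one host. True/False = verdict, None = unreachable."""
    url = base_url.rstrip("/") + INSTALLER_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(1_000_000).decode("utf-8", errors="replace")
            return installer_exposed(resp.status, dict(resp.headers.items()), body)
    except urllib.error.HTTPError:
        return False   # 4xx/5xx fails the status matcher
    except OSError:
        return None    # DNS failure, refused connection, timeout


if __name__ == "__main__":
    # Usage: python check_vtiger_installer.py https://crm.example.internal
    labels = {True: "INSTALLER EXPOSED", False: "ok", None: "unreachable"}
    for base in sys.argv[1:]:
        print(base, labels[check_host(base)])
```

Because every condition must hold, an ordinary login page served with status 200 and `text/html` does not produce a finding; only a response that still renders the installation wizard does.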

Module preview

Concurrent Requests (1)

1. HTTP Request template
   GET /index.php?module=In...

Matching conditions
- word: Installation Wizard, Welcome to Vtiger C... (and)
- word: text/html (and)
- status: 200

Passive global matcher
No matching conditions.

On match action
Report vulnerability