Web Editor Check - Detect

By kannthu

Informative
Vidoc Module
#panel #webeditors
Description

What is the "Web Editor Check - Detect" module?

The "Web Editor Check - Detect" module runs multiple detection checks for web editors. It targets web editors such as FCKeditor, CKEditor, and Smart Editor 2. This module is classified as informative, meaning it provides information about potential misconfigurations or vulnerabilities without actively exploiting them. The module was authored by princechaddha, bernardofsr, and gy741.

Impact

This module does not directly impact the target system. Instead, it provides information about potential misconfigurations or vulnerabilities in web editors. The severity of the impact depends on the specific misconfiguration or vulnerability detected.

How does the module work?

The "Web Editor Check - Detect" module works by sending HTTP requests to specific paths associated with various web editors. It then matches the responses against predefined conditions to determine if any misconfigurations or vulnerabilities are present. For example, it may check for specific HTML titles or keywords in the response body.

Here is an example of an HTTP request sent by the module:

GET /fckeditor/_samples/default.html

The module uses matching conditions to determine whether a misconfiguration or vulnerability is detected. In this case, it checks for specific words or phrases in the response body, such as "<title>FCKeditor", "<title>CKEditor Samples</title>", or "Custom Uploader URL:". If any one of these conditions is met, the module considers the check successful.

The module also provides metadata, including the maximum number of requests it can make, which in this case is 17.
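The matching step described above, sketched as an added example (not the module's own code) for reviewing responses from hosts you operate. The function names, the sample bodies, the placeholder path and the case-sensitive comparison are assumptions; the three words, the two real paths and the cap of 17 come from this page.

```python
"""Word matching for web editor sample pages (added example)."""
from dataclasses import dataclass

# Words quoted on the page; a single hit is enough (OR condition).
MATCH_WORDS = (
    "<title>FCKeditor",
    "<title>CKEditor Samples</title>",
    "Custom Uploader URL:",
)
MAX_REQUESTS = 17  # request cap stated in the module metadata


@dataclass(frozen=True)
class Finding:
    path: str
    matched: tuple


def match_words(body, words=MATCH_WORDS):
    # Case-sensitive substring test (assumption; the page does not say).
    return tuple(w for w in words if w in body)


def evaluate(responses):
    """responses: (path, body) pairs already fetched from your own host."""
    responses = list(responses)
    if len(responses) > MAX_REQUESTS:
        raise ValueError("more responses than the module's request cap")
    findings = []
    for path, body in responses:
        hits = match_words(body)
        if hits:
            findings.append(Finding(path, hits))
    return findings


# Constructed sample responses, not captured from any real server.
SAMPLES = [
    ("/fckeditor/_samples/default.html",
     "<html><head><title>FCKeditor - Samples</title></head></html>"),
    # Custom error page that echoes the requested path: must not match.
    ("/ckeditor/samples/",
     "<html><head><title>Not Found</title></head>"
     "<body>No page at /ckeditor/samples/</body></html>"),
    # Placeholder path; the page does not list where this word appears.
    ("/PLACEHOLDER-PATH/",
     "<html><body><label>Custom Uploader URL:</label></body></html>"),
]

if __name__ == "__main__":
    for finding in evaluate(SAMPLES):
        print(finding.path, "->", ", ".join(finding.matched))
```

Because the words include the opening `<title>` tag or a form label, an error page that merely repeats the requested path does not produce a finding.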

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /fckeditor/_samples/..., /fckeditor/editor/fi..., /ckeditor/samples/ (+14 paths)
Matching conditions: word: <title>FCKeditor, <title>CKEditor Sample...
Passive global matcher: No matching conditions.
On match action: Report vulnerability