Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Webmodule Login Panel - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#edb#panel#webmodule-ee#login
Description

What is the "Webmodule Login Panel - Detect?"

The "Webmodule Login Panel - Detect" module is designed to detect the presence of the Webmodule login panel. This module targets the Webmodule software and helps identify potential misconfigurations or vulnerabilities related to the login panel. The severity of this module is classified as informative, meaning it provides valuable information but does not pose an immediate threat.

This module was authored by pussycat0x and daffainfo.

Impact

The impact of the Webmodule login panel detection module is primarily informational. It helps security professionals and administrators identify the presence of the login panel and assess the security posture of the Webmodule software. By detecting the login panel, potential vulnerabilities or misconfigurations can be further investigated and addressed.

How does the module work?

The "Webmodule Login Panel - Detect" module works by sending an HTTP GET request to the "/webmodule-ee/login.seam" path. It then applies two matching conditions to determine if the login panel is present:

    - The module checks if the response body contains the HTML title tag "<title>Webmodule</title>". This indicates that the login panel page is being returned. - The module verifies that the HTTP response status code is 200, indicating a successful request.

If both conditions are met, the module reports the detection of the Webmodule login panel.

Classification:

CWE-ID: CWE-200

CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Reference:

- https://www.exploit-db.com/ghdb/7001

Metadata:

max-request: 1

google-query: intitle:"Webmodule" inurl:"/webmod"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/webmodule-ee/login....
Matching conditions
word: <title>Webmodule</title>and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability