
Zenphoto <1.5 Installer - Detect

By kannthu

Critical
Vidoc Module
#panel #zenphoto #setup #installer
Description

What is the "Zenphoto <1.5 Installer - Detect" module?

The "Zenphoto <1.5 Installer - Detect" module is designed to detect misconfigurations in the setup page of Zenphoto versions before 1.5. It targets Zenphoto, a popular open-source content management system (CMS). The module has a critical severity level, indicating that it identifies potentially serious vulnerabilities in the Zenphoto installation.

Impact

A match from this module indicates potential security risks in the Zenphoto setup page. These misconfigurations may allow unauthorized access, data leaks, or other security breaches, compromising the integrity and confidentiality of the Zenphoto CMS.

How does the module work?

The "Zenphoto <1.5 Installer - Detect" module works by sending HTTP requests to specific paths associated with the Zenphoto setup page. It then checks each response body with a word matcher for the phrase "Welcome to Zenphoto! This page will set up Zenphoto". If the phrase is found, the Zenphoto setup page is present and potentially misconfigured.

By using this matching condition, the module can identify instances where the Zenphoto setup page is accessible and may require further investigation to ensure proper configuration and security measures are in place.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /zp-core/setup/index... /zp/zp-core/setup/in... /gallery/zp-core/set... (+1 paths)
Matching conditions
word: Welcome to Zenphoto! This page will set ...
Passive global matcher
No matching conditions.
On match action
Report vulnerability