Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

ZOHO ManageEngine ADSelfService Plus - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#panel#zoho#manageengine
Description

What is "ZOHO ManageEngine ADSelfService Plus - Detect"?

The "ZOHO ManageEngine ADSelfService Plus - Detect" module is designed to detect the presence of the ZOHO ManageEngine ADSelfService Plus panel. This module focuses on identifying potential misconfigurations or vulnerabilities in the ADSelfService Plus software.

This module has an informative severity level, meaning it provides valuable information without posing an immediate threat.

Author: dhiyaneshDK, SaK1

Impact

The detection of the ZOHO ManageEngine ADSelfService Plus panel does not directly indicate any impact. However, it may suggest the presence of the software, which could be further investigated for potential security risks or misconfigurations.

How does the module work?

The module utilizes HTTP request templates and matching conditions to identify the ZOHO ManageEngine ADSelfService Plus panel. It sends a GET request to the "/authorization.do" and "/servlet/GetProductVersion" paths.

The module's matching conditions include:

- Checking the response body for the presence of "<title>ADSelfService Plus</title>" and ""PRODUCT_NAME":"ManageEngine ADSelfService" - Verifying that the response status is 200

If both matching conditions are met, the module reports the detection of the ZOHO ManageEngine ADSelfService Plus panel.

Example HTTP request:

GET /authorization.do/servlet/GetProductVersion

Metadata:

- Max-request: 2 - Verified: true - Shodan-query: http.title:"ADSelfService Plus"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/authorization.do/servlet/GetProductV...
Matching conditions
word: <title>ADSelfService Plus</title>, "PROD...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability