Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "ZOHO ManageEngine ADSelfService Plus - Detect" module is designed to detect the presence of the ZOHO ManageEngine ADSelfService Plus panel. This module focuses on identifying potential misconfigurations or vulnerabilities in the ADSelfService Plus software.
This module has an informative severity level, meaning it provides valuable information without posing an immediate threat.
Author: dhiyaneshDK, SaK1
The detection of the ZOHO ManageEngine ADSelfService Plus panel does not directly indicate any impact. However, it may suggest the presence of the software, which could be further investigated for potential security risks or misconfigurations.
The module utilizes HTTP request templates and matching conditions to identify the ZOHO ManageEngine ADSelfService Plus panel. It sends a GET request to the "/authorization.do" and "/servlet/GetProductVersion" paths.
The module's matching conditions include:
- Checking the response body for the presence of "<title>ADSelfService Plus</title>
" and ""PRODUCT_NAME":"ManageEngine ADSelfService
"
- Verifying that the response status is 200
If both matching conditions are met, the module reports the detection of the ZOHO ManageEngine ADSelfService Plus panel.
Example HTTP request:
GET /authorization.do/servlet/GetProductVersion
Metadata:
- Max-request: 2 - Verified: true - Shodan-query: http.title:"ADSelfService Plus"