Casdoor Login Panel - Detect

What is the "Casdoor Login Panel - Detect?"

The "Casdoor Login Panel - Detect" module is designed to detect the presence of the Casdoor login panel. Casdoor is a software that provides a user authentication and authorization system. This module focuses on identifying any misconfigurations or vulnerabilities related to the Casdoor login panel. The severity of this module is classified as informative, meaning it provides valuable information but does not pose an immediate threat.

This module was authored by princechaddha.

Impact

The impact of detecting the Casdoor login panel is dependent on the specific context and configuration of the software. However, it can potentially reveal information about the authentication and authorization mechanisms in place, which may aid in further analysis or potential exploitation.

How does the module work?

The module works by sending an HTTP GET request to the "/login" path of the target website. It then applies two matching conditions to determine if the Casdoor login panel is present:

- The module checks if the response body contains the HTML tag "<title>Casdoor</title>". This indicates that the page being accessed is the Casdoor login panel. - The module also verifies that the HTTP response status code is 200, indicating a successful request.

If both matching conditions are met, the module reports the detection of the Casdoor login panel.

Classification:

CWE-ID: CWE-200

CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N

Reference:

- https://casdoor.org/

Metadata:

max-request: 1

shodan-query: http.title:"Casdoor"