Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Concrete5 Install Panel

By kannthu

Critical
Vidoc logoVidoc Module
#panel#install#concrete#cms
Description

What is the "Concrete5 Install Panel?"

The "Concrete5 Install Panel" module is designed to detect the presence of a Concrete5 installation panel. Concrete5 is a content management system (CMS) used for building websites and applications. This module focuses on identifying potential misconfigurations or vulnerabilities related to the installation panel.

This module has a severity level of critical, indicating that any issues found could have a significant impact on the security and functionality of the Concrete5 installation.

Author: osamahamad, princechaddha

Impact

If the Concrete5 installation panel is accessible and misconfigured or vulnerable, it could potentially allow unauthorized access or manipulation of the CMS. This could lead to unauthorized modifications to the website, data breaches, or other security risks.

How does the module work?

The "Concrete5 Install Panel" module performs a series of HTTP requests and matches the responses against specific conditions to determine if the Concrete5 installation panel is present.

One example of an HTTP request made by this module is:

GET /index.php/install

The module then checks the response for the presence of the following conditions:

- The response body contains the HTML tag <title>Install concrete5</title> - The HTTP status code is 200 (OK)

If both conditions are met, the module considers the Concrete5 installation panel to be present.

For more information on installing Concrete5, you can refer to the official documentation.

Metadata:

- max-request: 2 - verified: true - shodan-query: http.title:"Install concrete5"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/index.php/install/concrete5/index.php...
Matching conditions
word: <title>Install concrete5</title>and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability