Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Craft CMS Admin Login Panel - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#panel#craftcms
Description

What is the "Craft CMS Admin Login Panel - Detect?"

The "Craft CMS Admin Login Panel - Detect" module is designed to detect the presence of the Craft CMS admin login panel. Craft CMS is a popular content management system used for building websites and web applications. This module focuses on identifying the login panel specifically.

The severity of this module is classified as informative, meaning it provides valuable information but does not indicate a vulnerability or misconfiguration.

This module was authored by Supr4s.

Impact

The impact of detecting the Craft CMS admin login panel is primarily informational. It does not indicate any immediate security risks or vulnerabilities. Instead, it provides insight into the presence of the login panel, which can be useful for further analysis and assessment of the Craft CMS installation.

How the module works?

The "Craft CMS Admin Login Panel - Detect" module operates by sending an HTTP GET request to the "/admin/login" path of the target website. It then applies matching conditions to the response body to determine if the Craft CMS admin login panel is present.

The matching conditions used in this module are:

- Check if the response body contains the phrase "title=\"Powered by Craft CMS\"" - Check if the response body contains the phrase "<a id=\\\"poweredby\\\" href=\\\"http:\\/\\/craftcms.com\\/\\\""

If either of these conditions is met, the module considers the Craft CMS admin login panel to be detected.

Example HTTP request:

GET /admin/login

Note: The actual HTTP request may include additional headers or parameters, but those are not specified in the module definition.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/admin/login
Matching conditions
word: title="Powered by Craft CMS"or
word: <a id=\"poweredby\" href=\"http:\/\/craf...
Passive global matcher
No matching conditions.
On match action
Report vulnerability