Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

GetSimple CMS - Installer

By kannthu

Critical
Vidoc logoVidoc Module
#getsimple#exposure#installer
Description

What is the "GetSimple CMS - Installer" module?

The "GetSimple CMS - Installer" module is designed to detect the presence of the GetSimple CMS installer. GetSimple CMS is a content management system that targets small businesses and individuals who require a simple and lightweight solution for managing their website content. This module focuses on identifying any misconfigurations or vulnerabilities related to the GetSimple CMS installation process.

This module has a severity level of critical, indicating that any issues detected by this module should be addressed immediately to ensure the security and stability of the GetSimple CMS installation.

Impact

If this module detects any misconfigurations or vulnerabilities in the GetSimple CMS installer, it could potentially expose the website to security risks. Attackers may be able to exploit these weaknesses to gain unauthorized access, manipulate website content, or disrupt the normal functioning of the CMS.

How the module works?

The "GetSimple CMS - Installer" module works by sending a GET request to the "/admin/install.php" path of the target website. It then applies matching conditions to determine if the GetSimple CMS installer is present and functioning correctly.

The matching conditions for this module include:

- Checking if the response contains the title tag "<title>GetSimple ยป Installation</title>" and the phrase "PHP Version". - Verifying that the response status code is 200 (OK).

If both matching conditions are met, the module will report a vulnerability related to the GetSimple CMS installer.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/admin/install.php
Matching conditions
word: <title>GetSimple &raquo; Installation</t...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability