
Neos CMS Login Panel - Detect

By kannthu

Informative
Vidoc Module
#panel #neos #cms #login
Description

What is "Neos CMS Login Panel - Detect"?

The "Neos CMS Login Panel - Detect" module is designed to detect the presence of the login panel in the Neos CMS software. Neos CMS is a content management system used for building websites and applications. This module focuses on identifying the login panel, which is an important component for accessing the CMS backend. The severity of this module is classified as informative, meaning it provides valuable information but does not indicate a vulnerability or misconfiguration.

This module was authored by k11h-de.

Impact

The impact of this module is limited to providing information about the presence of the Neos CMS login panel. It does not indicate any specific vulnerabilities or misconfigurations. The module's purpose is to assist in identifying the login panel for further analysis or testing.

How does the module work?

The "Neos CMS Login Panel - Detect" module works by sending an HTTP GET request to the "/neos/login" path of the target website. It then applies two matching conditions to determine if the Neos CMS login panel is present:

- The module checks if the response body contains the phrase "Neos comes with ABSOLUTELY NO WARRANTY". This phrase is a distinctive marker indicating the presence of the Neos CMS login panel.
- The module verifies that the HTTP response status code is 200, indicating a successful request.

If both matching conditions are met, the module reports the detection of the Neos CMS login panel.

For example, the module sends the following HTTP request:

GET /neos/login

The module then checks if the response body contains the phrase "Neos comes with ABSOLUTELY NO WARRANTY" and if the response status code is 200.
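The two matching conditions joined with `and`, as an added example that is not Vidoc's or the module author's code. `Response`, the helper names and the sample responses are constructed for illustration, and case-sensitive substring matching is an assumption; the block runs offline and includes the cases where only one of the two conditions holds.

```python
from dataclasses import dataclass

# The two values the page gives for this module.
PATH = "/neos/login"
MARKER = "Neos comes with ABSOLUTELY NO WARRANTY"


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (hypothetical, for this example)."""
    status: int
    body: str


def word_matcher(words):
    # Assumption: case-sensitive substring match; every listed word must occur.
    return lambda r: all(w in r.body for w in words)


def status_matcher(codes):
    return lambda r: r.status in codes


def evaluate(response, matchers, condition="and"):
    """Combine matcher results; the page joins its two matchers with 'and'."""
    results = [m(response) for m in matchers]
    return all(results) if condition == "and" else any(results)


NEOS_LOGIN_MATCHERS = [word_matcher([MARKER]), status_matcher({200})]


def is_neos_login_panel(response):
    return evaluate(response, NEOS_LOGIN_MATCHERS, "and")


# Constructed sample responses for GET /neos/login, not captured from any site.
SAMPLES = {
    "login page": Response(200, f"<footer>{MARKER}</footer>"),
    "other app on same path": Response(200, "<h1>Sign in</h1>"),
    "marker behind access control": Response(403, f"<p>{MARKER}</p>"),
    "not found": Response(404, "Page not found"),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(f"{name:32} -> {is_neos_login_panel(resp)}")
```

Only the first sample is reported; a 200 without the marker or the marker behind a non-200 status does not match, which is what keeps an unrelated login page on the same path from being counted.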

For more information, you can refer to the Neos CMS Configuration/Routes.yaml file.

Metadata: max-request: 1

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /neos/login
Matching conditions
word: Neos comes with ABSOLUTELY NO WARRANTY
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability