Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

ProcessWire Login - Panel Detect

By kannthu

Informative
Vidoc logoVidoc Module
#panel#processwire
Description

What is the "ProcessWire Login - Panel Detect" module?

The "ProcessWire Login - Panel Detect" module is a test case designed to detect the presence of the ProcessWire login panel. ProcessWire is a content management system (CMS) that allows users to create and manage websites. This module specifically focuses on identifying the login panel within a ProcessWire installation.

The severity of this module is classified as informative, meaning it provides valuable information but does not indicate a vulnerability or misconfiguration.

This module was authored by Ramkrishna Sawant.

Impact

The impact of detecting the ProcessWire login panel is primarily informational. It signifies the presence of the login functionality within a ProcessWire installation, which is a standard component of the CMS.

How does the module work?

The "ProcessWire Login - Panel Detect" module works by sending an HTTP GET request to the "/processwire/" path of the target website. It then applies two matching conditions to determine if the ProcessWire login panel is present:

    - The module checks the response body for the presence of the string "ProcessWireAdminTheme.init();". If this string is found, it indicates that the login panel is being initialized. - The module verifies that the HTTP response status code is 200, indicating a successful request. This ensures that the target website is accessible and responsive.

If both matching conditions are met, the module reports the detection of the ProcessWire login panel.

For more information about the security of the ProcessWire admin panel, refer to the official ProcessWire documentation.

Metadata:

- Maximum number of requests: 1

- Verified: true

- Shodan query: http.html:"proce"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/processwire/
Matching conditions
word: ProcessWireAdminTheme.init();and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability