Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Sitecore Login Panel - Detect

By kannthu

Informative
Vidoc logoVidoc Module
#panel#sitecore
Description

What is the "Sitecore Login Panel - Detect" module?

The "Sitecore Login Panel - Detect" module is a test case designed to detect the presence of the Sitecore login panel. Sitecore is a popular content management system (CMS) used by many websites. This module focuses on identifying potential misconfigurations or vulnerabilities related to the Sitecore login panel.

The severity of this module is classified as informative, which means it provides valuable information but does not directly indicate a security risk.

This module was authored by dhiyaneshDK.

Impact

The impact of detecting the Sitecore login panel is primarily informational. It helps identify the presence of the login panel, which can be useful for further analysis or security assessments.

How does the module work?

The "Sitecore Login Panel - Detect" module works by sending an HTTP GET request to the "/sitecore/login/default.aspx" path. It then applies two matching conditions to determine if the Sitecore login panel is present:

- The module checks if the response contains the "/sitecore/shell/Themes/Standard/Default/Login.css" file, indicating the presence of the login panel's CSS styling. - It also verifies that the response status code is 200, indicating a successful request.

If both conditions are met, the module reports the detection of the Sitecore login panel.

Example HTTP request:

GET /sitecore/login/default.aspx

The module's matching conditions:

- Matcher 1: Check if the response contains the "/sitecore/shell/Themes/Standard/Default/Login.css" file. - Matcher 2: Verify that the response status code is 200.

Please note that this description provides an overview of the module's functionality and does not include the actual JSON definitions used by the Vidoc platform.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/sitecore/login/defa...
Matching conditions
word: /sitecore/shell/Themes/Standard/Default/...and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability