Strapi Admin Login Panel - Detect

By kannthu

Informative
Vidoc Module
#panel #strapi #login
Description

What is the "Strapi Admin Login Panel - Detect"?

The "Strapi Admin Login Panel - Detect" module is designed to detect the presence of the Strapi admin login panel. Strapi is an open-source headless CMS that allows users to create and manage content. This module specifically targets the login panel of the Strapi admin interface.

The severity of this module is classified as informative, meaning it provides information about the presence of the login panel but does not indicate any specific vulnerability or misconfiguration.

This module was authored by idealphase.

Impact

The impact of detecting the Strapi admin login panel is primarily informational. It indicates that the login functionality of the Strapi admin interface is present and accessible.

How does the module work?

The module works by sending an HTTP GET request to the "/admin/auth/login" path of the target Strapi instance. It then applies two matching conditions to determine if the login panel is present:

- The module checks if the response body contains the HTML title tag "<title>Strapi Admin</title>".
- The module checks if the response status code is 200, indicating a successful request.

If both matching conditions are met, the module reports the detection of the Strapi admin login panel.

Here is an example of the HTTP request sent by the module:

GET /admin/auth/login

The module then evaluates the response body and status code against the matching conditions described above.

The maximum number of requests made by this module is limited to 1.
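
The two matching conditions above can be evaluated offline against stored responses, for example when reviewing what an exposed host returns. This is an added example and not the Vidoc module's own code; the raw responses are constructed samples, the function names are hypothetical, and the exact, case-sensitive substring comparison is an assumption.

```python
# Added example: offline evaluation of the module's two matchers.
# All sample responses below are constructed for illustration.

TITLE_WORD = "<title>Strapi Admin</title>"  # word matcher quoted on the page
EXPECTED_STATUS = 200                       # status matcher quoted on the page


def parse_response(raw: str):
    """Split a raw HTTP/1.x response into (status_code, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line = head.split("\r\n", 1)[0]
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return int(parts[1]), body


def strapi_panel_detected(raw: str) -> bool:
    """True only when both matchers hold (the template joins them with 'and')."""
    try:
        status, body = parse_response(raw)
    except ValueError:
        return False  # unparseable input is never reported as a match
    # Assumption: the word matcher is an exact, case-sensitive substring test.
    return status == EXPECTED_STATUS and TITLE_WORD in body


# Constructed responses covering the match and each way it can fail.
SAMPLES = {
    "panel": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
             "<html><head><title>Strapi Admin</title></head></html>",
    "other_app": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                 "<html><head><title>Welcome</title></head></html>",
    "error_page": "HTTP/1.1 404 Not Found\r\n\r\n<title>Strapi Admin</title>",
    "redirect": "HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n",
    "garbage": "not an http response",
}


def evaluate_samples():
    """Run the matcher over every constructed sample."""
    return {name: strapi_panel_detected(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in evaluate_samples().items():
        print(f"{name:12} {'match' if hit else 'no match'}")
```
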

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /admin/auth/login
Matching conditions
word: <title>Strapi Admin</title>
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability