Strapi Admin Login Panel - Detect

What is the "Strapi Admin Login Panel - Detect?"

The "Strapi Admin Login Panel - Detect" module is designed to detect the presence of the Strapi admin login panel. Strapi is an open-source headless CMS that allows users to create and manage content. This module specifically targets the login panel of the Strapi admin interface.

The severity of this module is classified as informative, meaning it provides information about the presence of the login panel but does not indicate any specific vulnerability or misconfiguration.

This module was authored by idealphase.

Impact

The impact of detecting the Strapi admin login panel is primarily informational. It indicates that the login functionality of the Strapi admin interface is present and accessible.

How does the module work?

The module works by sending an HTTP GET request to the "/admin/auth/login" path of the target Strapi instance. It then applies two matching conditions to determine if the login panel is present:

- The module checks if the response body contains the HTML title tag "<title>Strapi Admin</title>". - The module checks if the response status code is 200, indicating a successful request.

If both matching conditions are met, the module reports the detection of the Strapi admin login panel.

Here is an example of the HTTP request sent by the module:

GET /admin/auth/login

The module then evaluates the response body and status code against the matching conditions described above.

The maximum number of requests made by this module is limited to 1.