YzmCMS Login Panel - Detect

What is the "YzmCMS Login Panel - Detect?"

The "YzmCMS Login Panel - Detect" module is designed to detect the presence of the YzmCMS login panel. YzmCMS is a specific software that provides a login panel for website administrators. This module focuses on identifying instances of the YzmCMS login panel and provides information about its presence.

This module has an informative severity level, which means it provides valuable information but does not indicate a vulnerability or misconfiguration.

Author: pikpikcu, daffainfo

Impact

The detection of the YzmCMS login panel does not directly imply any impact. It serves as an indicator that the YzmCMS software is being used for website administration. The impact of YzmCMS itself depends on how it is configured and used.

How does the module work?

The "YzmCMS Login Panel - Detect" module works by sending an HTTP GET request to the "/admin/index/login.html" path. It then applies two matching conditions to determine if the YzmCMS login panel is present:

- The module checks if the response body contains the phrase "Powered By YzmCMS" or "Powered By <a href="http://www.yzmcms.com"". This indicates that the login panel is powered by YzmCMS. - The module verifies that the HTTP response status code is 200, indicating a successful request.

If both matching conditions are met, the module reports the detection of the YzmCMS login panel.

Example HTTP request:

GET /admin/index/login.html

Matching conditions:

- The response body contains either "Powered By YzmCMS" or "Powered By <a href="http://www.yzmcms.com"". - The HTTP response status code is 200.