2022-03-07 19:52:18 +00:00
|
|
|
id: kentico-login
|
2022-03-07 15:59:37 +00:00
|
|
|
|
|
|
|
info:
|
2022-03-07 19:52:18 +00:00
|
|
|
name: Kentico Login Panel
|
2022-03-07 15:59:37 +00:00
|
|
|
author: d4vy
|
|
|
|
severity: info
|
2022-03-07 19:53:08 +00:00
|
|
|
reference: https://docs.xperience.io/k8/using-the-kentico-interface
|
2022-03-07 19:52:18 +00:00
|
|
|
tags: panel,login,kentico
|
2022-03-07 15:59:37 +00:00
|
|
|
|
|
|
|
requests:
|
|
|
|
- method: GET
|
|
|
|
path:
|
|
|
|
- "{{BaseURL}}/Admin/CMSAdministration.aspx"
|
2022-03-07 19:52:18 +00:00
|
|
|
- "{{BaseURL}}/CMSPages/logon.aspx"
|
2022-03-07 15:59:37 +00:00
|
|
|
|
2022-03-07 19:52:18 +00:00
|
|
|
stop-at-first-match: true
|
|
|
|
matchers-condition: or
|
2022-03-07 15:59:37 +00:00
|
|
|
matchers:
|
2022-03-07 19:52:18 +00:00
|
|
|
- type: dsl
|
|
|
|
dsl:
|
|
|
|
- "status_code==302"
|
|
|
|
- "contains(tolower(body), 'cmspages/logon.aspx')"
|
|
|
|
condition: and
|
2022-03-07 15:59:37 +00:00
|
|
|
|
2022-03-07 19:52:18 +00:00
|
|
|
- type: dsl
|
|
|
|
dsl:
|
|
|
|
- "status_code==200"
|
|
|
|
- "contains(tolower(body), 'cmspages/getresource.ashx')"
|
|
|
|
condition: and
|