search

🧞‍♂️CMS

hashtag
Herramientas para CMS

CMSmaparrow-up-right

cmsmap.py domain

hashtag
WordPress

hashtag
1. Directorios/rutas por defecto

  • /wp-admin/

    • /wp-admin/install.php

    • /wp-admin/admin-ajax.php

  • /wp-includes/version.php

  • /wp-includes/cache.php

  • /wp-activate.php

  • /wp-update/

  • /wp-cron.php

  • /wp-blog-header.php

  • /wp-links-opml.php

  • /wp-content/uploads/db-backup

  • /wp-content/debug.log

  • /wp-json/

    • /wp-json/wp/v2/settings

    • /wp-json/wp/v2/users

  • /wp-login.php

  • /xmlrpc.php

  • /wp-cron.php

  • /readme.html

  • /license.txt

  • /author-sitemap.xml

hashtag
2. Enumeración de usuarios

  • /?author[]=

  • /?author=0

  • /?author=1

  • /blog/

  • Fuerza bruta a través del domain/login y funcionalidad "contraseña olvidada"

hashtag
3. WP Version

  • /readme.html

  • /license.txt

  • / source code ->

  • /wp-includes/version.php

  • /wp-admin/upgrade.php

  • /wp-links-opml.php

  • /feed/rdf/

  • /feed/atom/

  • /feed/ => source code && XML

hashtag
4. Análisis

circle-info

Recurso:

Explotación del fichero xmlrpc.phparrow-up-right

hashtag
Drupal

hashtag
1. Directorios/rutas por defecto

  • robots.txt

  • CHANGELOG.txt

  • cron.php

  • INSTALL.mysql.txt

  • INSTALL.pgsql.txt

  • INSTALL.txt

  • LICENSE.txt

  • MAINTAINERS.txt

hashtag
2. Análisis

Droopescanarrow-up-right

Drupalggedon - Vulnerabilidad de RCEarrow-up-right

circle-info

Recurso:

https://hackertarget.com/drupal-security-scan/arrow-up-right

hashtag
Liferay

hashtag
1. Directorios/rutas por defecto

  • /api/jsonws

  • /tunnel-web/secure/webdav/

  • /data/document_library

  • /web/guest/

  • /web/guest/community/wiki/

  • /web/guest/community/blogs/

  • /_vti_bin/shtml.dll/_vti_rpc

hashtag
2. Credenciales por defecto

hashtag
3. Portlets

  • /html/portlet/NOMBRE_PORTLET/view.jsp

  • /?p_p_id=ID_PORTLET&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_3_struts_action=%2Fsearch%2Fsearch

circle-info

Recursos: https://web.liferay.com/es/community/wiki/-/wiki/Main/Portlet+IDsarrow-up-right https://github.com/bcoles/LiferayScan/blob/master/data/portlets.txtarrow-up-right

hashtag
Joomla

hashtag
1. Directorios/rutas por defecto

hashtag
2. Análisis

usuario por defecto - admin2:secret

hashtag
Magento

hashtag
1. Directorios/rutas por defecto

  • Magento 1.9 and older:

    • app/etc/local.xml

  • Magento 2:

    • app/etc/env.php

hashtag
2. Análisis

usuario por defecto --> user:bitnami1

hashtag
Moodle

hashtag
1. Directorios/rutas por defecto

  • admin/ - code to administrate the whole server

  • auth/ - plugin modules to authenticate users

  • blocks/ - plugin modules for the little side blocks on many pages

  • calendar/ - all the code for managing and displaying calendars

  • course/ - code to display and manage courses

  • files/ - code to display and manage uploaded files

  • lang/ - texts in different languages, one directory per language

  • lib/ - libraries of core Moodle code

  • login/ - code to handle login and account creation

  • mod/ - all the main Moodle course modules are here

  • pix/ - generic site graphics

  • repository/ - code to handle the 2.x file handling system

  • theme/ - theme packs/skins to change the look of the site

  • user/ - code to display and manage users

hashtag
2. Análisis

hashtag
PrestaShop

hashtag
1. Directorios/rutas por defecto

  • /api/configurations

  • /admin

  • /store/admin

  • app/AppKernel.php

  • config/settings.inc.php

  • /config/autoload.php

  • config/settings.inc.php (in PrestaShop v1.6)

  • config/autoload.php (in PrestaShop v1.7) and check the value of PS_VERSION

hashtag
Recursos

Previous7. LFI/RFINextAPIs

Last updated