Template for processwire cms admin panel

projectdiscovery / nuclei-templates

Community curated list of templates for the nuclei engine to find security vulnerabilities.

https://github.com/projectdiscovery/nuclei

MIT License

9.32k stars 2.64k forks source link

Template for processwire cms admin panel #5469

Closed RamkrishnaSawant closed 2 years ago

RamkrishnaSawant commented 2 years ago

Template Information:

    This is template for processwire login.
      Reference: https://processwire.com/docs/security/admin/

Nuclei Template:


info:
  name: ProcessWire login
  author: Ramkrishna Sawant
  severity: info
  reference: https://processwire.com/docs/security/admin/
  tags: panel,ProcessWire

requests:
  - method: GET
    path:
      - "{{BaseURL}}/processwire/"
    matchers:
      - type: word
        words:
          - "Password"
          -  "processwire"
        condition: and

RamkrishnaSawant commented 2 years ago

can anyone can tell me why it is false positive?

tess-ss commented 2 years ago

Hi @RamkrishnaSawant

Thank you for taking time and creating this issue, Appreciate it.

It seems like /processwire endpoint is only accessible on the cms website and the other sites using "processwire" cms does not seem to be using /processwire path as login.

Please let me know your thoughts on this.

Thanks, @tess-ss

princechaddha commented 2 years ago

Hi @RamkrishnaSawant, The response time to this issue was much longer than usual. Thank you for taking the time to create this issue and for contributing to the project 🍻

RamkrishnaSawant commented 1 year ago

welcome @princechaddha