Lucee Web and Lucee Server Admin Login Panel - Detect
ID: lucee-login
Severity: info
Author: dhiyaneshDK,unp4ck
Tags: panel,lucee
Description
Section titled “Description”Lucee admin login panels were detected in both Web and Server tabs.
YAML Source
Section titled “YAML Source”id: lucee-login
info: name: Lucee Web and Lucee Server Admin Login Panel - Detect author: dhiyaneshDK,unp4ck severity: info description: Lucee admin login panels were detected in both Web and Server tabs. classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cwe-id: CWE-200 metadata: max-request: 2 shodan-query: http.title:"Lucee" tags: panel,lucee
http: - method: GET path: - '{{BaseURL}}/lucee/admin/web.cfm' - '{{BaseURL}}/lucee/admin/server.cfm'
matchers-condition: and matchers: - type: word words: - '<title>Login - Lucee Web Administrator</title>' - '<title>Login - Lucee Server Administrator</title>' - "lucee-admin-search-input" - "lucee-docs-search-input" - "server-lucee-small.png.cfm" condition: or
- type: status status: - 200# digest: 4b0a00483046022100cea151e608323dc3673dda99e0150774bdd9c948dbd60887705e2a69c5b97c01022100c0ed943e2958c777958d61a298d0868502f76b3b11c4737c4b791d95356d2329:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/exposed-panels/lucee-login.yaml"