Pentesting CMS Web Applications
The days of writing a web application from scratch are gone. Usually a third-party application like WordPress or Drupal is used to whip up a web application quickly. While this greatly aids any web developer, it also brings problems of its own, the biggest being attacks against newly disclosed (or zero-day) vulnerabilities in the CMS and its plugins, since a single flaw affects every site running that code. The upside for a tester is that the methodology for pentesting these applications is much simpler than for an application built from scratch: the code base is public and its weak points are well documented. These are my usual recon techniques when it comes to a CMS:
-Any pentester’s browser is incomplete without the Wappalyzer plugin. It saves a lot of recon time by recognizing the technologies used by the website you are testing (CMS, web server, JavaScript libraries) from response headers and page content. Treat its version output as a hint rather than proof, since the markers it relies on can be removed or altered by the site owner.
-A nikto scan also really helps here. It identifies common misconfigurations and known-vulnerable components almost immediately and reports them. Note that it is noisy and easily spotted, so make sure this kind of scanning is within scope.
-If it is a common CMS like WordPress or Drupal, some really good dedicated scanners already exist, such as wpscan and droopescan, which can identify vulnerable plugins and themes almost immediately. wpscan can also enumerate usernames, which feeds the login step below.
-Always check the version of the core application against published advisories; this is an important step. Plugins, themes and modules are patched separately from core, so check their versions too.
-Try to find the login page (for WordPress usually /wp-login.php or /wp-admin/, for Drupal /user/login) and try to log in using default credentials. Or try to brute-force the user password using default usernames such as root, admin, etc., or the names enumerated in the previous step. Watch for account lockout and rate limiting, and keep the number of attempts within what the engagement allows.
-Once in, try to find places where you can upload something like a PHP or ASPX file. These can help you get a reverse shell. WordPress and Drupal are very susceptible to this because an administrator can upload plugins, themes or modules, which are just archives of server-side code, so admin access typically converts into code execution. A number of other well-known CMS apps have suffered from RCE as well.
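As an added example (not code from the original post), here is a small Python script that does what the Wappalyzer and version-check steps above do by hand: it fingerprints WordPress and Drupal from response headers, the generator tag, asset paths and the version-disclosing readme.html / CHANGELOG.txt files, and refuses to commit to a version when the sources disagree (a mismatch usually means a spoofed or stripped generator tag). All HTTP responses, hostnames and version numbers below are constructed inline so it runs offline; in a real engagement the same function would be fed responses fetched with requests or curl.

```python
"""Passive CMS fingerprinting over captured HTTP responses (WordPress / Drupal).

Added example, not part of the original post. Every response below is
constructed inline so the script runs offline.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class Response:
    url: str
    status: int
    headers: Dict[str, str]
    body: str


@dataclass
class Fingerprint:
    # One (cms, full-version-or-None, why) tuple per signal found.
    evidence: List[Tuple[str, Optional[str], str]] = field(default_factory=list)

    def add(self, cms: str, version: Optional[str], why: str) -> None:
        self.evidence.append((cms, version, why))

    @property
    def cms(self) -> Optional[str]:
        if not self.evidence:
            return None
        return Counter(c for c, _, _ in self.evidence).most_common(1)[0][0]

    @property
    def versions(self) -> List[str]:
        """Distinct major.minor[.patch] versions seen for the winning CMS."""
        return sorted({v for c, v, _ in self.evidence if c == self.cms and v})

    @property
    def version(self) -> Optional[str]:
        # Commit to a version only when every source agrees; disagreement
        # usually means a spoofed generator tag or a stale readme.
        vs = self.versions
        return vs[0] if len(vs) == 1 else None

    @property
    def conflicting(self) -> bool:
        return len(self.versions) > 1


FULL_VER = r"(\d+\.\d+(?:\.\d+)?)"  # require at least major.minor
GENERATOR_RE = re.compile(r'<meta\s+name=["\']generator["\']\s+content=["\']([^"\']+)', re.I)
GENERATOR_VALUE_RE = re.compile(r"(WordPress|Drupal)(?:\s+" + FULL_VER + ")?")
WP_README_RE = re.compile(r"Version\s+" + FULL_VER)          # wordpress readme.html
DRUPAL_CHANGELOG_RE = re.compile(r"^Drupal\s+" + FULL_VER + ",", re.M)  # Drupal 7 CHANGELOG.txt


def _header(resp: Response, name: str) -> Optional[str]:
    """Case-insensitive header lookup."""
    for k, v in resp.headers.items():
        if k.lower() == name.lower():
            return v
    return None


def fingerprint(responses: List[Response]) -> Fingerprint:
    fp = Fingerprint()
    for r in responses:
        if r.status != 200:
            continue
        # Drupal core emits these headers itself; X-Generator carries the major only.
        gen = _header(r, "X-Generator")
        if gen and gen.startswith("Drupal"):
            fp.add("Drupal", None, f"{r.url}: X-Generator '{gen}'")
        if _header(r, "X-Drupal-Cache") is not None:
            fp.add("Drupal", None, f"{r.url}: X-Drupal-Cache header")
        # <meta name="generator"> is the easiest signal and the easiest to fake.
        m = GENERATOR_RE.search(r.body)
        if m:
            tag = GENERATOR_VALUE_RE.match(m.group(1))
            if tag:
                fp.add(tag.group(1), tag.group(2), f"{r.url}: meta generator '{m.group(1)}'")
        # Path structure survives even when the generator tag is stripped.
        if re.search(r"/wp-(?:content|includes)/", r.body):
            fp.add("WordPress", None, f"{r.url}: wp-content/wp-includes asset paths")
        if "/sites/default/files/" in r.body or "Drupal.settings" in r.body:
            fp.add("Drupal", None, f"{r.url}: Drupal path/JS markers")
        # Version-disclosing files that ship with a default install.
        if r.url.endswith("/readme.html") and "WordPress" in r.body:
            m = WP_README_RE.search(r.body)
            if m:
                fp.add("WordPress", m.group(1), f"{r.url}: readme.html version line")
        if r.url.endswith("/CHANGELOG.txt"):
            m = DRUPAL_CHANGELOG_RE.search(r.body)
            if m:
                fp.add("Drupal", m.group(1), f"{r.url}: CHANGELOG.txt first entry")
    return fp


# Constructed sample responses (hostnames, versions and dates are made up).
WP_SITE = [
    Response("http://wp.example/", 200, {"Server": "nginx"},
             '<html><head><meta name="generator" content="WordPress 6.4.2" />'
             '<link rel="stylesheet" href="/wp-content/themes/demo/style.css"></head></html>'),
    Response("http://wp.example/readme.html", 200, {}, "<h1>WordPress</h1><br /> Version 6.4.2"),
]
SPOOFED_WP_SITE = [  # generator tag claims one version, readme.html says another
    Response("http://wp2.example/", 200, {},
             '<meta name="generator" content="WordPress 5.8"><script src="/wp-includes/js/a.js">'),
    Response("http://wp2.example/readme.html", 200, {}, "<h1>WordPress</h1><br /> Version 6.4.2"),
]
DRUPAL_SITE = [
    Response("http://d7.example/", 200,
             {"X-Generator": "Drupal 7 (http://drupal.org)", "X-Drupal-Cache": "HIT"},
             '<script>jQuery.extend(Drupal.settings, {});</script><img src="/sites/default/files/l.png">'),
    Response("http://d7.example/CHANGELOG.txt", 200, {},
             "Drupal 7.92, 2022-01-01\n-----------------------\n- Fixed things.\n\nDrupal 7.91, 2021-01-01\n"),
]

if __name__ == "__main__":
    for name, site in (("wp", WP_SITE), ("spoofed", SPOOFED_WP_SITE), ("drupal", DRUPAL_SITE)):
        fp = fingerprint(site)
        print(f"{name}: cms={fp.cms} version={fp.version} conflicting={fp.conflicting}")
        for _, _, why in fp.evidence:
            print("   ", why)
```

The design choice worth copying into your own tooling is the evidence list: every version claim is kept with the URL it came from, so when the generator tag and readme.html disagree you can see which one the site owner tampered with instead of silently trusting the first match. Extending it to the plugin and theme versions that wpscan reports is the same pattern with more regexes.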
These are my CMS recon techniques, which I have used with great success, so I really hope this helps people new to such techniques. Have a good day :)