Hey guys, I'm back again.
This time let me introduce or reintroduce you to one of the easiest P1 critical or exceptional finds, one you can look for to climb all the way to the top of the leaderboard.
I know there are tons of tools and enumerators for WordPress and other CMSs.
This vulnerability occurs rarely, but it is worth checking every time you hunt on a domain hosted.
You can't try this trick on every website you come across; the site has to meet certain qualifications before you can test this.
Install Wappalyzer or use tools that tell you what the website is made of.
Only websites or domains that show WordPress or Drupal in the CMS section qualify for this test.
WORDPRESS
If your site shows the CMS as WordPress, then try hitting the path /wp-install.php
DRUPAL
If Drupal is the case, then try hitting the path /core/install.php
In either case, if it shows that WordPress or Drupal has already been installed, it's time to move on, hard luck!
If you get a setup window that actually installs WordPress or Drupal, then CONGRATULATIONS.
You have found a P1 critical security bug on a website.
The reason is simple.
You can create and install the CMS, and easily upload reverse shells as an Administrator and perform RCE attacks inside the CMS, making it a critical vulnerability.
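From the site owner's side, the same check can be run against your own access logs. The script below is an added example, not part of the original post: it flags requests to the two installer paths named above, and it assumes Combined Log Format; the function names, priority labels and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Installer paths named in the article; extend the set to match your own deployment.
INSTALLER_PATHS = {"/wp-install.php", "/core/install.php"}

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(target):
    """Drop query/fragment, percent-decode, collapse repeated slashes, lowercase."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    return re.sub(r"/{2,}", "/", path).lower()

def installer_hits(lines):
    """Return one dict per request to an installer path, with a review priority."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line this parser understands
        path = normalize(m["target"])
        if path not in INSTALLER_PATHS:
            continue
        status = int(m["status"])
        # 2xx: the server returned a page for the installer path, so check it by hand.
        # POST with 2xx: a form was submitted to that path, so look at it first.
        if 200 <= status < 300:
            priority = "urgent" if m["method"] == "POST" else "review"
        else:
            priority = "info"  # blocked, missing or redirected; still a probe
        hits.append({"ip": m["ip"], "time": m["time"], "method": m["method"],
                     "path": path, "status": status, "priority": priority})
    return hits

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /wp-install.php HTTP/1.1" 404 153 "-" "curl/8.0"',
    '203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /core/install.php?langcode=en HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Mar/2024:10:05:40 +0000] "POST //core/%69nstall.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '192.0.2.15 - - [12/Mar/2024:10:06:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in installer_hits(SAMPLE_LOG):
        print(hit["priority"], hit["ip"], hit["method"], hit["path"], hit["status"])
```

A 2xx status alone does not prove the installer is open, since an already-installed site can also answer with a page, so every "review" or "urgent" hit still needs a look at what was actually served.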