• Stars
    star
    146
  • Rank 252,769 (Top 5 %)
  • Language
  • Created over 11 years ago
  • Updated over 9 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

A DB of known Web Application Admin URLS, Username/Password Combos and Exploits

Web Application Defaults DB

A DB of known Web Application Admin URLS, Username/Password Combos and Exploits

This list was originally released @ DerbyCon 2012 by Gillis Jones

Updated and released by the Web App Defaults DB Group

If you have info and don't want to trouble with Git, please feel free to shoot the info to:

[email protected]

and let us worry about the repo voodoo.

If you wish to submit via git, please use the following field types:

  • ADMINURL:
  • USERPASS:
  • INTERESTINGURL:
  • EXPLOITLINK:
  • COMMENT:

This will make it much easier for people to parse the entire db for information.

For example:

## Example CMS
Info: This webapp falls over if you hit /dos.php on version 1.0 and prior

* ADMINURL: /admin/uberleet.php 
* USERPASS: root:toor
* INTERESTINGURL: /database_test.php
* EXPLOITLINK: [http://exploitsdownload.com/search/cms](http://exploitsdownload.com/search/cms)
* COMMENT: Usernames with be [email protected]

Documentation: [http://www.wikipedia.org/](http:/www.wikipedia.org/)

API Documentation: [https://apigee.com/console](https://apigee.com/console)

List of CMSs in DB

  • Accrisoft Freedom
  • AdaptCMS Lite
  • Adobe Business Catalyst
  • Adobe CQ5
  • Alfresco Community Edition
  • Apache Lenya
  • ATutor
  • Autonomy Interwoven Teamsite CMS
  • b2evolution
  • BEdita
  • BLOG:CMS
  • blosxom
  • Bricolage
Cascade Server/login.act  http://help.hannonhill.com/kb/security  
CivicSpaceTo be determined     
Clickability (Limelight Networks)hosted by limelight?     
CMS Made Simple admin   http://exploitsdownload.com/search/cmsmadesimple
CMSimple admintest  http://exploitsdownload.com/search/cmsimple
Composite C1/Administration[email protected]admin Username may be [email protected] 
Computhink ViewWise      
Concrete5/index.php/login (alternatively /dashboard) adminrandom set at install"Yep, great tip. When you go to logs (after resetting the password), you tick the box for emails sent and click on print view with full text. This opens the email that was sent with the link to set a new password. Click on that link and it will open a new browser window."http://exploitsdownload.com/search/concrete5
Contegro    Hosted on Contegro.  
Content SORT    WP plugin 
CoreMedia WCM    <- Magic Quadrant Masterbaters 
Cotonti/admin.php    http://exploitsdownload.com/search/cotonti
Daisy/loginadminadmin   
Django-cms/adminadmin   http://exploitsdownload.com/search/django
Dokuwiki/dokuwiki?do=login    http://exploitsdownload.com/search/dokuwiki
Dotclear/dotclear/admin/    http://exploitsdownload.com/search/dotclear
dotCMS/admin/[email protected] (pre 1.9.2 [email protected])admin (pre 1.9.2 test)http://dotcms.com/docs/1.9/DefaultsOnAnInitialDotCMSInstall http://exploitsdownload.com/search/dotcms
DotNetNukeAdmin loginadmin   http://exploitsdownload.com/search/dotnetnuke
Drupal/admin or /?q=admin (non-clean) adminassigned in setup  http://exploitsdownload.com/search/drupal
DSpace(dspace?).site.com/admin      
DynPG/cms or /dynpg    http://exploitsdownload.com/search/dynpg
e107//e107_admin/admin.php?view.all    http://exploitsdownload.com/search/e107
Ektron CMS400.Net/workarea/login.aspxadminadmindocumentation.ektron.com/CMS400/v70/adminmanual.pdf  
Elcom CMS     http://exploitsdownload.com/search/elcom
EMC Documentum ECM      
EPrints/perl/users/homeadminadmin   
Escenic Content Engine/escenic/ _admin Specified by ownerdocumentation.vizrt.com/ece-pub-admin-guide-5.4.pdf  
Exponent CMS   http://docs.exponentcms.org/docs/2.0.3/logging-in http://exploitsdownload.com/search/exponentcms
ExpressionEngine/admin.php or /phpmyadmin/    http://exploitsdownload.com/search?q=expression+engine
Exsite Webware/cgi-bin/adminpassword   
eZ Publishadd "_admin" to the end of the frontoffice urladminpassword  http://exploitsdownload.com/search?q=frog+cms
Fedora.com:8091 or /loginadminadmin   
Flagship Docs      
Foswiki      
Frog CMS/admin/adminpassword creds valid pre 1.0 version 
Geeklog/admin/Adminpassword valid as of 02, looking for more recent sources.  
Habari/admin/login.php    http://exploitsdownload.com/search?q=habari
Hippo CMS.com:8080/cmsadminadmin   
Hyland OnBase ECM    Info Behind Paywall 
IBM Enterprise Content Management      
IBM Lotus Web Content Management      
Ikiwiki      
ImpressCMS/admin.php     
Jadu"/mymicrosite/jadu/
"     
JCore/admin/admin    
Joomla!/administrator or /joomla/administratoradmin    
Jumbojumbo/loginpage.phpadminpassword   
Kajona      
Kentico CMS/CMSSiteManageradministrator:blank:   
KnowledgeTree Community Edition/knowledgetree/adminadmin   
Liferay Community Edition      
LogicalDOC/logicaldoc/webdav/storeadminadmin As of 4.5 
Lyceum      
Magnolia:8080/magnoliaAuthor/.magnolia.superusersuperuser   
Mamboadministrator/index.phpadminadmin   
Mediawiki       
MiaCMS/login.phpadminlet_me_in   
Microsoft Office 365      
Microsoft SharePoint Foundation      
Microsoft SharePoint Server      
Midgard CMS/midgardadminpasswordhttp://www.midgard-project.org/documentation/midgard-admin-sitewizard/#36700c60b73acecb128e78b284b2d84e  
MODx    -Weirdness 
mojoPortal/Secure/Login.aspx[email protected]adminhttp://www.mojoportal.com/installation-quick-start.aspx  
Movable Type_mt/mt.cgi     
Mura CMS/adminadminadminhttp://docs.getmura.com/user-guide/users/  
Nucleus CMS/nucleus/  http://faq.nucleuscms.org/item/80  
Nuxeo EP/adminAdministratorAdministratorhttp://doc.nuxeo.com/display/NXDOC54/Setup  
O3spaces      
Ocportal/adminzoneadmin http://ocportal.com/docs5/tut_configuration.htm http://exploitsdownload.com/search/ocportal
OpenACS      
OpenCms8080/opencms/opencms/system/login/Adminadminhttp://www.opencms.org/en/development/installation/server.html http://exploitsdownload.com/search/opencms
OpenKM/OpenKMokmAdminadminhttp://forum.openkm.com/viewtopic.php?f=4&t=3711  
OpenText ECM Suite      
OpenText Web Experience Management      
OpenText Web Site Management      
OpenWGA/adminadminwgahttp://www.openwga.com/home/support/tutorials/going_live_from_openwga_developer_studio.en.html  
Opus     http://exploitsdownload.com/search/opus
Oracle ECM Suite.com:7001/console  http://docs.oracle.com/cd/E17904_01/doc.1111/e14495/verify.htm#CHDHCEFBcreds set in setup 
Orchard Project/Admin/   creds set in setup 
papaya CMS/papaya/  http://www.papaya-cms.comdocumentation in german 
Peardrop(CMS)/admin.phpadmin(?)adminhttp://peardrop.coolmediatech.com/index.php/Documentation_%280.1.x%29  
Percussion Software CM1      
Phire CMS      
PHP-Fusion/login.php  http://www.php-fusion.co.uk/ http://exploitsdownload.com/search/phpfusion/
PHP-Nuke/nuke/admin.phpGodPassword  http://exploitsdownload.com/search/phpnuke/
PHPSlash godpasswordhttp://phpxref.com/xref/phpslash/doc/html/single/phpslash.html.source.html http://exploitsdownload.com/search/phpslash/
Phpweblog/admin/users.phpBypass using securiteam link http://www.securiteam.com/unixfocus/6K0021P0KE.htmlsitekey:phpwebloghttp://exploitsdownload.com/search/phpweblog/
phpWebSite/admin.php adminphpwebsitehintsforums.macworld.com/archive/index.php/t-10721.html http://exploitsdownload.com/search/phpwebsite
phpWiki/phpwiki/admin.php     
Pier.com/?command=PULoginadminpierhttp://www.piercms.com/doc/faq#193819363  
pimcore/adminadminadminwww.pimcore.com http://exploitsdownload.com/search/pimcore/
PivotX/pivotx  http://book.pivotx.netuser created name/passhttp://exploitsdownload.com/search/pivotx/
Pixie (CMS)/adminadminpixie123http://www.getpixie.co.uk/support/article/manual-installation/  
PmWiki adminhttp://yate.null.ro/pmwiki/index.php?n=PmWiki.PasswordsAdmin http://exploitsdownload.com/search/pmwiki/
Polopoly Web CMS      
Prestashop/admin or /admin939  http://doc.prestashop.com/display/PS14/System+Administrator+Guide/admin is renamed upon installhttp://exploitsdownload.com/search/prestashop/
ProcessWire/processwire/adminprocesswire2http://www.processwire.com  
Pulse CMS/pulsepro/demohttp://www.pulsecms.com/docs/settings.phpCouldn't find usernamehttp://exploitsdownload.com/search/pulsecms/
Radiant/admin/adminradianthttp://radiantcms.org  
RavenNuke CMS/admin.php or /ravennuke230/admin.php  http://rnwiki.ravennuke.com http://exploitsdownload.com/search/ravennuke/
Refinery CMS:3000/refinery   http://refinerycms.com/guides/getting-startedNo default user http://exploitsdownload.com/search/refinery/
RenovatioCMS/?RVGET_document=System+Management  www.renovatiocms.com/English Site Incomplete  
Scoop      
Serendipity/serendipity/serendipity_admin.phpJohn Doejohnhttp://www.s9y.org/36.html http://exploitsdownload.com/search/serendipity
SilverStripe/adminadminpasswordhttp://doc.silverstripe.org/sapphire/en/topics/configurationUser can assign defaults in configurationhttp://exploitsdownload.com/search/silverstripe
Sitecore Professional Edition     http://exploitsdownload.com/search/sitecore
Sitefinity CMS/Sitefinity/LoginPages/LoginFormadminPasswordhttp://www.sitefinity.com/devnet/kb.aspxIf you see telerik.rad it's sitefinityhttp://exploitsdownload.com/search/sitefinity
Sitekit CMS/admin  http://www.sitekit.net  
SMW+ rootm8nixhttp://www.smwplus.com/index.php/Help:SMW%2B http://exploitsdownload.com/search/smwplus
SPIP      
Squiz CMS/_editadmin/editor/approverpasswordhttp://cms.squizsuite.net/quick-start-guide/admin password should be changedhttp://exploitsdownload.com/search?q=squiz
Squiz Matrix/_adminrootroothttp://matrix.squizsuite.net/quick-start-guide/ http://exploitsdownload.com/search?q=squiz
TangoCMSindex.php?url=session or /session  http://tangocms.org/announcements?page=2  
Telligent Community/telligent_evolutionadminpa$$word check for /solr/admin 
Textpattern/textpattern/index.php or /textpattern/    http://exploitsdownload.com/search?q=textpattern
Tiki Wiki CMS Groupware/tiki/tiki-login_scr.phpadminadminhttp://doc.tiki.org/Admin+Problems http://exploitsdownload.com/search?q=tikiwiki
Titan CMS      
Tribiq CMS/admintribiq.com/tribiq-6-documentation-installation.download http://exploitsdownload.com/search?q=tribiq
TWiki/cgi-bin/loginadmin http://twiki.org/ http://exploitsdownload.com/search?q=twiki
Typo      
TYPO3/typo3adminpasswordhttp://wiki.typo3.org/TYPO3_Installation_Basics http://exploitsdownload.com/search?q=typo3
uCoz/admin     
Umbraco/umbraco/login.aspxadmindefaulthttp://our.umbraco.org/  
VosaoCMS/cms[email protected]admin   
WebGUI root  http://www.exploitsdownload.com/search?q=webgui
Webnodes CMS      
WolfCMS/admin/http://www.wolfcms.org/wiki/books:administration http://www.exploitsdownload.com/search?q=wolfCMS
WordPress/wp-admin/adminhttp://codex.wordpress.org/Why are you looking HERE for WP?http://www.exploitsdownload.com/search?q=Wordpress
Wuzly/admin/login.phpAdministrator100  http://osvdb.com/search/search?search[vuln_title]=wuzly
Xaraya      
XOOPS/admin.phpadminadminxoops.org http://www.exploitsdownload.com/search?q=XOOPS
Xpress Engine/index.php?module=adminhttp://xpressengine.org http://www.exploitsdownload.com/search?q=XpressEngine
Yanel.com:8080/yanel/  http://yanel.wyona.org/en/documentation/index.html  
Zikula/admin.php or user.php  http://phpxref.zikula.de/nav.html?system/Admin/lib/Admin/Controller/Admin.php.html http://www.cvedetails.com/vulnerability-list/vendor_id-10810/Zikula.html
Zotonic adminadmin Written in Erlang