Web
Nmap scan earlier discovered that there was another web server running on port 8080 This web server was also mentioned in a note found in the other web server
Web Root
So this is the web root of the running OrchardCMS instance
The website itself just appears to be a blog for cooking recipes.
Wappalyzer also identifies it.
OrchardCMS
There is an hyperlink at the footer; Signin
i will sign-in with the credential; admin:@dm!n_P@ssW0rd!
I got signed-in
The dashboard hyperlink leads to /Admin
This must be the administrative panel for OrchardCMS
I can see the version of the app at the footer
Orchard v.1.10.1.0
This version of the app doesn’t seem to have any critical vulnerabilities.
Not much going on for the CMS as there was pretty much nothing came up during vulnerability research
There is a media tab where files can be uploaded but that’s about it