Concrete5 CMS XSS, Nuclei Template Writing, Mass Hunting with Shodan & Wappalyzer & Reporting

Identification of Concrete5 CMS:
Wappalyzer:

Concrete5 CMS running on the web-application

Shodan:

Shodan Search Results


Shodan Search Results for specific org

Enumerating targets from Shodan using the CLI

Censys
Search Query using Shodan

Writing Nuclei Template
Nuclei template for Concrete5 CMS
Running Nuclei Template

Vulnerable Targets detected with the template

Exploiting XSS in Browser
Successful XSS in the Concrete5 CMS

Reporting the Vulnerability

XSS reporting template