# Chapter 10: Exploitation CMS

A content management system (CMS) is a software application that can be used to manage the creation and modification of digital content.

<figure><img src="https://1674729424-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FyzdFWSUijzVYOP1hAsit%2Fuploads%2F5oH9fngkzRCj8MIeZXYO%2Fimage.png?alt=media&#x26;token=49a5d609-254d-413d-9681-0544548275ee" alt=""><figcaption><p>Internet CMS usage stats</p></figcaption></figure>

## WordPress

Once you find a site that uses WordPress, scan it with the [wpscan](https://github.com/wpscanteam/wpscan) tool:&#x20;

```bash
# WPScan vulnerability scan
wpscan --URL <URL>
```

Always make sure to check “/wp-content/uploads/” as you can often find sensitive information such as user emails, passwords, paid digital products, and much more.

## Joomla

Once you find a site that uses Joomla, scan it with the [Joomscan](https://github.com/rezasp/joomscan) tool:

```bash
# Joomscan vulnerability scanner
perl joomscan.pl -u <URL Here>
```

## Drupal

Once you find a site that uses Drupal, scan it with the [droopescan](https://github.com/droope/droopescan) tool:

```bash
# Droopescan vulnerability scanner
python3 droopescan scan Drupal -u <URL Here> -t 32
```

## Adobe AEM

Once you find a site that uses Adobe AEM, scan it with the [aemhacker](https://github.com/0ang3el/aem-hacker) tool:

* Note that to test for the SSRF vulnerabilities you need to have a public IP that the target server can connect back to.

```bash
# Aem hacker vulnerability scan
python aem_hacker.py -u <URL Here> --host <Your Public IP>
```

## Testing other CMSs

1. If you come across a CMS you haven't seen before the first step is to go to [exploit db](https://www.exploit-db.com/) and see if it has any known CVEs.
2. Look on Google to see if any new exploits came out that are not on exploit db yet.
3. Search GitHub to see if there is a tool that can scan for all the possible vulnerabilities and misconfigurations.