nuclei-templates/http/vulnerabilities/magento/magento-cacheleak.yaml

id: magento-cacheleak

info:
  name: Magento Cacheleak
  author: TechbrunchFR
  severity: high
  description: Magento Cacheleak is an implementation vulnerability, result of bad implementation of web-server configuration for Magento platform. Magento was developed to work under the Apache web-server which natively works with .htaccess files, so all needed configuration directives specific for various internal Magento folders were placed in .htaccess files. When Magento is installed on web servers that are ignoring .htaccess files (such as nginx), an attacker can get access to internal Magento folders (such as the Magento cache directory) and extract sensitive information from cache files.
  reference:
    - https://support.hypernode.com/en/best-practices/security/how-to-secure-magento-cacheleak
    - https://www.acunetix.com/vulnerabilities/web/magento-cacheleak/
    - https://royduineveld.nl/magento-cacheleak-exploit/
  metadata:
    verified: true
    max-request: 1
    shodan-query: http.component:"Magento"
  tags: magento

http:
  - method: GET
    path:
      - '{{BaseURL}}/var/resource_config.json'

    # Based on royduineveld.nl blogpost, was not tested against a vulnerable Magento site
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        words:
          - "media_directory"
          - "allowed_resources"
        part: body

      - type: word
        words:
          - "application/json"
        part: header
# digest: 4a0a00473045022100de286b51595551dd63ed4f45c9696d2a979ce475077de534e534eb76434b95fa02206b3e3bc4edc92082864db25b3fd418e2e6c4d363e88258107d180b663dae6eb5:922c64590222798bb761d5b6d8e72950
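
A defender-side check for the exposure the template's description explains, as an added example that is not part of the template or the nuclei-templates project: it scans combined-format access logs for requests under /var/ that the server answered with a 2xx status, which means the deny rules from .htaccess were not in effect. The log lines are constructed samples, and the names LOG_RE, normalise and find_exposed are assumptions made for this example.

```python
import posixpath
import re
from urllib.parse import unquote

# Start of an nginx/Apache "combined" access-log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Directory the template requests; it should never be served to clients.
PROTECTED_PREFIX = "/var/"


def normalise(target):
    """Reduce a logged request target to the path the server resolves.

    The log holds the raw request line, so drop the query string, decode
    percent-escapes, merge repeated slashes and resolve "." and ".." segments.
    """
    path = unquote(target.split("?", 1)[0])
    path = re.sub(r"/{2,}", "/", path)
    norm = posixpath.normpath(path)
    if path.endswith("/") and norm != "/":
        norm += "/"  # normpath drops the trailing slash; keep it
    return norm


def find_exposed(lines):
    """Return (ip, path, status) for /var/ requests answered with 2xx."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = normalise(m["target"])
        if path.startswith(PROTECTED_PREFIX) and m["status"].startswith("2"):
            hits.append((m["ip"], path, int(m["status"])))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Oct/2023:11:27:55 +0000] "GET /var/resource_config.json HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [14/Oct/2023:11:27:56 +0000] "GET /var/resource_config.json HTTP/1.1" 403 162 "-" "curl/8.0"',
    '198.51.100.4 - - [14/Oct/2023:11:28:01 +0000] "GET /index.php/var/ HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [14/Oct/2023:11:28:02 +0000] "GET /var//resource_config.json?x=1 HTTP/1.1" 200 512 "-" "-"',
]
```

Any hit means a file under /var/ was delivered; the 403 line shows what the same request looks like once the directory is denied in the server configuration.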