nuclei-templates/exposed-panels/magento-admin-panel.yaml

id: magento-admin-panel

info:
  name: Exposed Magento Admin Panel
  author: TechbrunchFR,ritikchaddha
  severity: info
  description: As a security best practice, Magento recommends that you use a unique, custom Admin URL instead of the default admin or a common term such as backend. Although it will not directly protect your site
    from a determined bad actor, it can reduce exposure to scripts that try to gain unauthorized access.
  reference:
    - https://docs.magento.com/user-guide/stores/store-urls-custom-admin.html
  metadata:
    verified: true
    shodan-query: http.component:"Magento"
  tags: magento,panel

requests:
  - method: GET
    path:
      - '{{BaseURL}}/admin'

    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      - type: word
        part: body
        words:
          - "Magento Admin Page</title>"
Added a few Magento related templates 2021-05-18 13:53:10 +00:00			`id: magento-admin-panel`

			`info:`
			`name: Exposed Magento Admin Panel`
Update magento-admin-panel.yaml 2022-06-15 19:39:56 +00:00			`author: TechbrunchFR,ritikchaddha`
Added a few Magento related templates 2021-05-18 13:53:10 +00:00			`severity: info`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`description: As a security best practice, Magento recommends that you use a unique, custom Admin URL instead of the default admin or a common term such as backend. Although it will not directly protect your site`
			`from a determined bad actor, it can reduce exposure to scripts that try to gain unauthorized access.`
			`reference:`
			`- https://docs.magento.com/user-guide/stores/store-urls-custom-admin.html`
Update magento-admin-panel.yaml 2022-06-15 19:42:54 +00:00			`metadata:`
			`verified: true`
			`shodan-query: http.component:"Magento"`
Updated tags 2021-06-11 07:15:16 +00:00			`tags: magento,panel`
Added a few Magento related templates 2021-05-18 13:53:10 +00:00
			`requests:`
			`- method: GET`
			`path:`
			`- '{{BaseURL}}/admin'`
matcher update 2021-05-18 16:56:34 +00:00
Strict matchers 2021-05-19 00:43:22 +00:00			`matchers-condition: and`
Added a few Magento related templates 2021-05-18 13:53:10 +00:00			`matchers:`
			`- type: status`
			`status:`
Update magento-admin-panel.yaml 2022-06-15 19:39:56 +00:00			`- 200`
Strict matchers 2021-05-19 00:43:22 +00:00
			`- type: word`
Update magento-admin-panel.yaml 2022-06-15 19:39:56 +00:00			`part: body`
Strict matchers 2021-05-19 00:43:22 +00:00			`words:`
Update magento-admin-panel.yaml 2022-06-15 19:39:56 +00:00			`- "Magento Admin Page</title>"`