nuclei-templates/vulnerabilities/magento/magento-unprotected-dev-fil...

id: magento-unprotected-dev-files

info:
  name: Magento Unprotected development files
  author: TechbrunchFR
  severity: high
  description: Magento version 1.9.2.x includes /dev directories or files that might reveal your passwords and other sensitive information. The /dev directories and files are not protected by default. According to Magento, "these tests are not supposed to end up on production servers".
  reference: https://support.hypernode.com/en/support/solutions/articles/48001153348-how-to-secure-your-data-using-encryption-and-hashing
  tags: magento

requests:
  - method: GET
    path:
      - '{{BaseURL}}/dev/tests/functional/credentials.xml.dist'
      - '{{BaseURL}}/dev/tests/functional/etc/config.xml.dist'

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "Magento")'
          - 'contains(body, "replace xmlns:xsi=")'
          - 'contains(body, "<field path=")'
          - 'contains(tolower(all_headers), "application/xml") || contains(tolower(all_headers), "application/octet-stream")'
          - 'status_code == 200'
        condition: and

      - type: dsl
        dsl:
          - 'contains(body, "Magento")'
          - 'contains(body, "config xmlns:xsi")'
          - 'contains(body, "<application>")'
          - 'contains(body, "<install>")'
          - 'contains(tolower(all_headers), "application/xml") || contains(tolower(all_headers), "application/octet-stream")'
          - 'status_code == 200'
        condition: and
Added a few Magento related templates 2021-05-18 13:53:10 +00:00			`id: magento-unprotected-dev-files`

			`info:`
			`name: Magento Unprotected development files`
			`author: TechbrunchFR`
			`severity: high`
			`description: Magento version 1.9.2.x includes /dev directories or files that might reveal your passwords and other sensitive information. The /dev directories and files are not protected by default. According to Magento, "these tests are not supposed to end up on production servers".`
Improved matcher and paths 2021-05-20 14:28:57 +00:00			`reference: https://support.hypernode.com/en/support/solutions/articles/48001153348-how-to-secure-your-data-using-encryption-and-hashing`
Added a few Magento related templates 2021-05-18 13:53:10 +00:00			`tags: magento`

			`requests:`
			`- method: GET`
			`path:`
Improved matcher and paths 2021-05-20 14:28:57 +00:00			`- '{{BaseURL}}/dev/tests/functional/credentials.xml.dist'`
			`- '{{BaseURL}}/dev/tests/functional/etc/config.xml.dist'`

Added a few Magento related templates 2021-05-18 13:53:10 +00:00			`matchers:`
Improved matcher and paths 2021-05-20 14:28:57 +00:00			`- type: dsl`
			`dsl:`
			`- 'contains(body, "Magento")'`
			`- 'contains(body, "replace xmlns:xsi=")'`
			`- 'contains(body, "<field path=")'`
			`- 'contains(tolower(all_headers), "application/xml") \|\| contains(tolower(all_headers), "application/octet-stream")'`
			`- 'status_code == 200'`
			`condition: and`

			`- type: dsl`
			`dsl:`
			`- 'contains(body, "Magento")'`
			`- 'contains(body, "config xmlns:xsi")'`
			`- 'contains(body, "<application>")'`
			`- 'contains(body, "<install>")'`
			`- 'contains(tolower(all_headers), "application/xml") \|\| contains(tolower(all_headers), "application/octet-stream")'`
			`- 'status_code == 200'`
			`condition: and`