nuclei-templates/http/technologies/magento-detect.yaml

id: magento-detect

info:
  name: Magento Detect
  author: TechbrunchFR
  severity: info
  description: Identify Magento
  reference:
    - https://devdocs.magento.com/guides/v2.4/graphql/
  metadata:
    verified: true
    shodan-query: http.component:"Magento"
  tags: magento,tech

http:
  - method: GET
    path:
      - '{{BaseURL}}'
      - '{{BaseURL}}/graphql?query=+{customerDownloadableProducts+{+items+{+date+download_url}}+}'

      # There might be a better way to do that, the idea of this check is that Magento might be behind some kind of proxy when
      # consumed by a SPA/PWA app, so we need a valid GraphQL query from Magento to check reference[1]

    matchers-condition: or
    matchers:
      - type: dsl
        dsl:
          - 'contains(tolower(all_headers), "x-magento")'
          - 'status_code == 200'
        condition: and

      - type: dsl
        dsl:
          - 'contains(body, "graphql-authorization")'
          - 'contains(body, "The current customer")'
          - 'status_code == 200'
        condition: and
Added a few Magento related templates 2021-05-18 13:53:10 +00:00			`id: magento-detect`

			`info:`
			`name: Magento Detect`
			`author: TechbrunchFR`
			`severity: info`
			`description: Identify Magento`
Misc (minor) Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-19 14:25:01 +00:00			`reference:`
			`- https://devdocs.magento.com/guides/v2.4/graphql/`
Update magento-detect.yaml 2022-06-15 19:57:31 +00:00			`metadata:`
			`verified: true`
			`shodan-query: http.component:"Magento"`
Fix tech tags in technologies folder 2022-11-14 19:45:12 +00:00			`tags: magento,tech`
Added a few Magento related templates 2021-05-18 13:53:10 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
Added a few Magento related templates 2021-05-18 13:53:10 +00:00			`- method: GET`
			`path:`
			`- '{{BaseURL}}'`
path update 2021-05-19 01:11:04 +00:00			`- '{{BaseURL}}/graphql?query=+{customerDownloadableProducts+{+items+{+date+download_url}}+}'`
Simplified matchers 2021-05-18 17:29:14 +00:00
Re-enable alternative detect requests 2021-05-18 13:57:50 +00:00			`# There might be a better way to do that, the idea of this check is that Magento might be behind some kind of proxy when`
Misc (minor) Related nuclei tickets: * #259 - dynamic key-value field support for template information * #940 - new infos in template * #834 * RES-84 2021-08-19 14:25:01 +00:00			`# consumed by a SPA/PWA app, so we need a valid GraphQL query from Magento to check reference[1]`
Simplified matchers 2021-05-18 17:29:14 +00:00
misc changes 2021-05-19 00:22:07 +00:00			`matchers-condition: or`
Re-enable alternative detect requests 2021-05-18 13:57:50 +00:00			`matchers:`
Simplified matchers 2021-05-18 17:29:14 +00:00			`- type: dsl`
			`dsl:`
			`- 'contains(tolower(all_headers), "x-magento")'`
			`- 'status_code == 200'`
			`condition: and`

			`- type: dsl`
			`dsl:`
misc changes 2021-05-19 00:22:07 +00:00			`- 'contains(body, "graphql-authorization")'`
Simplified matchers 2021-05-18 17:29:14 +00:00			`- 'contains(body, "The current customer")'`
			`- 'status_code == 200'`
path update 2021-05-19 01:11:04 +00:00			`condition: and`