id: magento-downloader-panel info: name: Magento Connect Manager Installer - Detect author: 5up3r541y4n severity: info description: | Magento Connect Manager installer was detected. The software, available via /downloader/ location, requires Magento admin rights and uses the same authorization methods as for backend. If an attacker locates a matching pair of login/password, the installation will be compromised. An attacker can then discover backend URL for login (even if it is customized as described in Securing Magento /admin/) and install a Filesystem extension to obtain full access to all files and finally the database. reference: - https://magentary.com/kb/restrict-access-to-magento-downloader/ - https://www.mageplaza.com/kb/how-to-stop-brute-force-attacks-magento.html#solution-3 classification: cpe: cpe:2.3:a:magento:magento:*:*:*:*:*:*:*:* metadata: verified: true max-request: 1 vendor: magento product: magento shodan-query: - http.component:"Magento" - cpe:"cpe:2.3:a:magento:magento" - http.component:"magento" tags: magento,exposure,panel http: - method: GET path: - '{{BaseURL}}/downloader/' matchers-condition: and matchers: - type: word part: body words: - "Magento Downloader" - "Log In" condition: and - type: word part: header words: - "text/html" - type: status status: - 200 extractors: - type: regex part: body group: 1 regex: - '\(Magento Connect Manager ver\. ([0-9.]+)' # digest: 4a0a00473045022100b3a09d0a43a01318804662745ee2e04bcee0ee8de8a203b2c63f0fccd80e2f7f02204168520b28a940a3cdda767f3d42c434a27372545d6655a1fb35cf255fbe021e:922c64590222798bb761d5b6d8e72950