id: magento-config-disclosure info: name: Magento Configuration Panel - Detect author: ptonewreckin,danigoland,geeknik severity: high description: | Magento configuration panel was detected. Misconfigured instances of Magento may disclose usernames, passwords, and database configurations via /app/etc/local.xml. reference: - https://github.com/ptonewreckin/cmsDetector/blob/master/signatures/magento.py classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N cvss-score: 7.5 cwe-id: CWE-200 metadata: max-request: 3 verified: true shodan-query: http.component:"Magento" tags: magento,exposure,credential,config http: - method: GET path: - "{{BaseURL}}/app/etc/local.xml" - "{{BaseURL}}/app/etc/local.xml.additional" - "{{BaseURL}}/store/app/etc/local.xml" stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - "* Magento" - "" condition: and - type: word part: header words: - "application/xml" - type: status status: - 200 extractors: - type: xpath part: body xpath: - "/config/global/resources/default_setup/connection/host" - "/config/global/resources/default_setup/connection/username" - "/config/global/resources/default_setup/connection/password" - "/config/global/resources/default_setup/connection/dbname"