25 lines
777 B
YAML
25 lines
777 B
YAML
id: magento-admin-panel
|
|
|
|
info:
|
|
name: Exposed Magento Admin Panel
|
|
author: TechbrunchFR
|
|
severity: info
|
|
description: As a security best practice, Magento recommends that you use a unique, custom Admin URL instead of the default admin or a common term such as backend. Although it will not directly protect your site from a determined bad actor, it can reduce exposure to scripts that try to gain unauthorized access.
|
|
reference: https://docs.magento.com/user-guide/stores/store-urls-custom-admin.html
|
|
tags: magento
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/admin'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 302
|
|
|
|
- type: word
|
|
words:
|
|
- "/admin/index/index/key/"
|
|
part: header |