33 lines
911 B
YAML
33 lines
911 B
YAML
id: magento-admin-panel
|
|
|
|
info:
|
|
name: Exposed Magento Admin Panel
|
|
author: TechbrunchFR,ritikchaddha
|
|
severity: info
|
|
description: |
|
|
As a security best practice, Magento recommends that you use a unique, custom Admin URL instead of the default admin or a common term such as backend. Although it will not directly protect your site
|
|
from a determined bad actor, it can reduce exposure to scripts that try to gain unauthorized access.
|
|
reference:
|
|
- https://docs.magento.com/user-guide/stores/store-urls-custom-admin.html
|
|
metadata:
|
|
verified: true
|
|
shodan-query: http.component:"Magento"
|
|
tags: magento,panel
|
|
|
|
requests:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/admin'
|
|
|
|
host-redirects: true
|
|
max-redirects: 2
|
|
matchers-condition: and
|
|
matchers:
|
|
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "Magento"
|
|
- "Admin Panel"
|
|
condition: and
|