52 lines
1.7 KiB
YAML
52 lines
1.7 KiB
YAML
id: magento-downloader-panel
|
|
|
|
info:
|
|
name: Magento Connect Manager Installer - Detect
|
|
author: 5up3r541y4n
|
|
severity: info
|
|
description: |
|
|
Magento Connect Manager installer was detected. The software, available via /downloader/ location, requires Magento admin rights and uses the same authorization methods as for backend. If an attacker locates a matching pair of login/password, the installation will be compromised. An attacker can then discover backend URL for login (even if it is customized as described in Securing Magento /admin/) and install a Filesystem extension to obtain full access to all files and finally the database.
|
|
reference:
|
|
- https://magentary.com/kb/restrict-access-to-magento-downloader/
|
|
- https://www.mageplaza.com/kb/how-to-stop-brute-force-attacks-magento.html#solution-3
|
|
classification:
|
|
cpe: cpe:2.3:a:magento:magento:*:*:*:*:*:*:*:*
|
|
metadata:
|
|
max-request: 1
|
|
product: magento
|
|
shodan-query: http.component:"Magento"
|
|
vendor: magento
|
|
verified: true
|
|
tags: magento,exposure,panel
|
|
|
|
http:
|
|
- method: GET
|
|
path:
|
|
- '{{BaseURL}}/downloader/'
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- "Magento Downloader"
|
|
- "Log In"
|
|
condition: and
|
|
|
|
- type: word
|
|
part: header
|
|
words:
|
|
- "text/html"
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
extractors:
|
|
- type: regex
|
|
part: body
|
|
group: 1
|
|
regex:
|
|
- '\(Magento Connect Manager ver\. ([0-9.]+)'
|
|
# digest: 4a0a004730450220329002224e78caf5e1e8e457a0d1648652ec712b169df5aac894d412030b6627022100d32f97eab267176a2e51414c5c8037df9043f67409898ff67b5f56330e4f9c10:922c64590222798bb761d5b6d8e72950
|