Exposed Magento 2 API

By kannthu

Informative
Vidoc Module
#magento
Description

What is the "Exposed Magento 2 API?"

The "Exposed Magento 2 API" module is designed to detect a vulnerability in the Magento 2 software. It targets the Magento 2 API, which allows access to sensitive information without requiring credentials. This vulnerability exposes storefront information, such as product details, store configurations, and store views, to potential attackers.

This module has a severity level of "informative," indicating that it provides information about a potential vulnerability but does not actively exploit or cause harm to the system.

Impact

If the "Exposed Magento 2 API" vulnerability is present, it can lead to unauthorized access to sensitive information, potentially compromising customer data, product details, and store configurations. This can result in reputational damage, financial loss, and legal consequences for the affected organization.

How does the module work?

The "Exposed Magento 2 API" module works by sending HTTP requests to specific endpoints of the Magento 2 API. It then applies matching conditions to determine if the vulnerability is present.

For example, the module sends GET requests to the following endpoints:

/rest/V1/products
/rest/V1/store/storeConfigs
/rest/V1/store/storeViews

The module checks if the response body of these requests contains certain keywords, such as "searchCriteria," "parameters," "message," "secure_base_link_url," "timezone," "name," and "website_id." It also verifies that the response headers indicate the content type as "application/json" and that the status code is 200.

If any of these conditions are met, the module flags the vulnerability as present.

By detecting this vulnerability, organizations can take appropriate measures to secure their Magento 2 installations and protect sensitive information from unauthorized access.
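The matching logic described above can be replayed offline against responses recorded from your own store. This is an added example, not Vidoc's module code. The per-endpoint keyword grouping, the rule that all keywords in a group must appear, the names `is_exposed` and `audit`, and the sample responses are assumptions, since the module preview on this page is truncated.

```python
import json

# Keyword groups per endpoint. The grouping and the "all keywords in a group"
# rule are assumptions: the module preview on the page is truncated.
MATCHERS = {
    "/rest/V1/products": ("searchCriteria", "parameters", "message"),
    "/rest/V1/store/storeConfigs": ("secure_base_link_url", "timezone"),
    "/rest/V1/store/storeViews": ("name", "website_id"),
}


def is_exposed(path, status, headers, body):
    """Return True when a response to `path` satisfies the page's conditions."""
    keywords = MATCHERS.get(path)
    if keywords is None or status != 200:
        return False
    # Header names are case-insensitive; the value may carry a charset suffix.
    ctype = next((v for k, v in headers.items() if k.lower() == "content-type"), "")
    if "application/json" not in ctype.lower():
        return False
    return all(word in body for word in keywords)


def audit(responses):
    """Map each recorded (path, status, headers, body) tuple to its verdict."""
    return {label: is_exposed(*resp) for label, resp in responses.items()}


# Constructed sample responses (not captured from a real store).
JSON_HDR = {"Content-Type": "application/json; charset=utf-8"}
SAMPLES = {
    "configs_open": ("/rest/V1/store/storeConfigs", 200, JSON_HDR, json.dumps(
        [{"id": 1, "code": "default", "website_id": 1, "timezone": "UTC",
          "secure_base_link_url": "https://shop.example/"}])),
    "views_open": ("/rest/V1/store/storeViews", 200, JSON_HDR, json.dumps(
        [{"id": 1, "code": "default", "name": "Default Store View",
          "website_id": 1, "store_group_id": 1}])),
    "configs_denied": ("/rest/V1/store/storeConfigs", 401, JSON_HDR, json.dumps(
        {"message": "placeholder authorization error"})),
    "views_html": ("/rest/V1/store/storeViews", 200, {"content-type": "text/html"},
                   "<html><input name='q'> website_id</html>"),
}

if __name__ == "__main__":
    for label, verdict in audit(SAMPLES).items():
        print(f"{label}: {'exposed' if verdict else 'not flagged'}")
```

The last two samples show why the status code and content type checks matter: a 401 JSON error and an HTML page that happens to contain the keywords are both left unflagged.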

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /rest/V1/products, /rest/V1/store/store..., /rest/V1/store/store...
Matching conditions
dsl: contains(body, "searchCriteria"), contai...
or
dsl: contains(body, "secure_base_link_url"), ...
or
dsl: contains(body, "name"), contains(body, "...
Passive global matcher
No matching conditions.
On match action
Report vulnerability