Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The Magento Cacheleak module is designed to detect an implementation vulnerability in the web-server configuration for the Magento platform. Magento is a popular e-commerce platform that runs on the Apache web-server. This vulnerability is considered high severity.
Author: TechbrunchFR
If exploited, the Magento Cacheleak vulnerability can lead to unauthorized access to sensitive information stored in the Magento cache. This can include customer data, order details, and other confidential information.
The Magento Cacheleak module works by sending an HTTP request to the target server and checking for specific conditions in the response. The module checks for the presence of the file "/var/resource_config.json" and verifies that the response status is 200 (OK), the response body contains the words "media_directory" and "allowed_resources", and the response header includes the word "application/json".
Example HTTP request:
GET /var/resource_config.json
The module uses these matching conditions to determine if the web-server configuration is vulnerable to cache leakage.