Magento Installation Wizard

By kannthu

Severity: High
Vidoc Module
#misconfig #magento #install #exposure
Description

What is the Magento Installation Wizard?

The Magento Installation Wizard module detects misconfigurations and vulnerabilities in Magento installations. It targets the Magento software and helps identify potential security risks. The module is rated high severity, meaning that the issue it detects can potentially expose sensitive information or compromise the integrity of the Magento installation.

Impact

A finding from the Magento Installation Wizard module can have a significant impact on the security of a Magento installation. The misconfigurations or vulnerabilities it detects could lead to unauthorized access, data breaches, or other security incidents. Address any issues identified by this module promptly to ensure the security and stability of the Magento installation.

How does the module work?

The Magento Installation Wizard module works by sending HTTP requests to the "/index.php/install/" path of the target Magento installation. It then applies a set of matching conditions to determine if the installation wizard is accessible and if the response indicates a successful installation.

Matching conditions:

- The response body must contain the words "Magento Installation Wizard" and "Welcome to Magento's Installation Wizard!"
- The response headers must include the word "text/html"
- The HTTP status code must be 200 (OK)

If all of these conditions are met, the module considers the Magento Installation Wizard to be present and functioning. This indicates a potential misconfiguration or vulnerability in the Magento installation, which should be investigated and addressed.

It is important to note that this module does not perform any modifications or changes to the target Magento installation. It solely focuses on detecting potential security risks and providing insights for remediation.
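
The three matching conditions above, written out as an added example (not Vidoc's own module code) for verifying a store you operate before and after remediation. It assumes case-sensitive substring matching and that redirects are followed; the function names and the sample responses are constructed for illustration.

```python
import urllib.error
import urllib.request

WIZARD_PATH = "/index.php/install/"  # path requested by the module
BODY_WORDS = ("Magento Installation Wizard",
              "Welcome to Magento's Installation Wizard!")


def evaluate(status, headers, body):
    """Return each matching condition's result so a failed check is explainable."""
    header_text = "\n".join(f"{name}: {value}" for name, value in headers.items())
    return {
        "body_words": all(word in body for word in BODY_WORDS),
        "header_text_html": "text/html" in header_text,
        "status_200": status == 200,
    }


def wizard_exposed(status, headers, body):
    """All three conditions must hold (logical AND), as the module requires."""
    return all(evaluate(status, headers, body).values())


def check_own_store(base_url, timeout=10):
    """Apply the matcher to a store you operate. Connection errors propagate
    so an unreachable host is never reported as 'not exposed'."""
    request = urllib.request.Request(base_url.rstrip("/") + WIZARD_PATH)
    try:
        with urllib.request.urlopen(request, timeout=timeout) as resp:
            body = resp.read(1_000_000).decode("utf-8", errors="replace")
            return evaluate(resp.status, dict(resp.headers), body)
    except urllib.error.HTTPError as err:  # e.g. 403/404 once the path is blocked
        return evaluate(err.code, dict(err.headers), "")


# Constructed sample responses, not captured from any real host.
EXPOSED = (200, {"Content-Type": "text/html; charset=UTF-8"},
           "<title>Magento Installation Wizard</title>"
           "<h2>Welcome to Magento's Installation Wizard!</h2>")
BLOCKED = (403, {"Content-Type": "text/html"}, "<h1>Forbidden</h1>")
INSTALLED = (200, {"Content-Type": "text/html"}, "<title>Home page</title>")

if __name__ == "__main__":
    for name, sample in (("exposed", EXPOSED), ("blocked", BLOCKED),
                         ("installed", INSTALLED)):
        print(name, wizard_exposed(*sample), evaluate(*sample))
```

The per-condition result from `evaluate` shows which condition stopped matching after a fix, for example `status_200` turning false once the install path is blocked.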

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /index.php/install/
Matching conditions
word: Magento Installation Wizard, Welcome to ... and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability