Magento Unprotected development files

By kannthu

High
Vidoc Module
#magento
Description

Magento Unprotected Development Files

What is the "Magento Unprotected Development Files" module?

The "Magento Unprotected Development Files" module is designed to detect a misconfiguration in Magento version 1.9.2.x. It targets the /dev directories or files that may reveal sensitive information, such as passwords. By default, these directories and files are not protected, which can pose a security risk. The severity of this vulnerability is classified as high.

This module was authored by TechbrunchFR.

Impact

If the /dev directories and files are left unprotected, unauthorized individuals may gain access to sensitive information, including passwords and other confidential data. This can potentially lead to unauthorized access to the Magento system and compromise the security of the website.

How does the module work?

The "Magento Unprotected Development Files" module works by sending HTTP requests to specific paths within the Magento installation. It checks for the presence of certain patterns in the response body and headers to determine if the /dev directories or files are accessible.

For example, one of the HTTP requests sent by the module may be:

GET /dev/tests/functional/credentials.xml.dist

The module then applies matching conditions to the response to determine if the vulnerability is present. These conditions include checking if the response body contains specific keywords related to Magento, if the response headers indicate an XML or octet-stream content type, and if the HTTP status code is 200.

If all the matching conditions are met, the module reports the vulnerability, indicating that the /dev directories or files are accessible and potentially exposing sensitive information.
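
The three matching conditions described above, written out as an added example (not Vidoc's or the module author's code) for auditing a Magento installation you operate. It checks only the "Magento" keyword because the page truncates the rest of the expression; the names is_exposed, audit and evaluate_samples and the sample responses are constructed for illustration.

```python
import urllib.error
import urllib.request

DEV_PATH = "/dev/tests/functional/credentials.xml.dist"  # request path shown on the page
KEYWORDS = ("Magento",)  # assumption: the page truncates the other body keywords
EXPOSED_TYPES = ("xml", "octet-stream")  # content types the page says are matched


def is_exposed(status, content_type, body):
    """Return True only when all three matching conditions hold."""
    if status != 200:
        return False
    if not any(t in (content_type or "").lower() for t in EXPOSED_TYPES):
        return False
    return all(keyword in body for keyword in KEYWORDS)


def audit(base_url, timeout=10):
    """Fetch DEV_PATH from an installation you operate and apply is_exposed()."""
    url = base_url.rstrip("/") + DEV_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("utf-8", errors="replace")
            return is_exposed(resp.status, resp.headers.get("Content-Type"), body)
    except urllib.error.HTTPError:
        return False  # 403/404 and similar: the web server refuses to serve the file


# Constructed sample responses (status, Content-Type, body); not captured from a real site.
SAMPLES = {
    "served as XML": (200, "application/xml", "<!-- Magento functional tests -->\n<fields/>"),
    "served as download": (200, "application/octet-stream", "<!-- Magento -->\n<fields/>"),
    "blocked by server": (403, "text/html", "<h1>Forbidden</h1>"),
    "soft 404 page": (200, "text/html; charset=UTF-8", "<title>Magento store</title>"),
    "unrelated XML": (200, "text/xml", "<sitemap/>"),
}


def evaluate_samples():
    """Map each constructed sample name to the verdict is_exposed() gives it."""
    return {name: is_exposed(*resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in evaluate_samples().items():
        print(f"{name:20} exposed={verdict}")
```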

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /dev/tests/functiona... /dev/tests/functiona...
Matching conditions
dsl: contains(body, "Magento"), contains(body...
and
dsl: contains(body, "Magento"), contains(body...
Passive global matcher
No matching conditions.
On match action
Report vulnerability