Skip to content
Nuclei Templates

Magento Connect Manager Installer - Detect

ID: magento-downloader-panel

Severity: info

Author: 5up3r541y4n

Tags: magento,exposure,panel

Description

Section titled “Description”

Magento Connect Manager installer was detected. The software, available via /downloader/ location, requires Magento admin rights and uses the same authorization methods as for backend. If an attacker locates a matching pair of login/password, the installation will be compromised. An attacker can then discover backend URL for login (even if it is customized as described in Securing Magento /admin/) and install a Filesystem extension to obtain full access to all files and finally the database.

YAML Source

Section titled “YAML Source”
id: magento-downloader-panel


info:
  name: Magento Connect Manager Installer - Detect
  author: 5up3r541y4n
  severity: info
  description: |
    Magento Connect Manager installer was detected. The software, available via /downloader/ location, requires Magento admin rights and uses the same authorization methods as for backend. If an attacker locates a matching pair of login/password, the installation will be compromised. An attacker can then discover backend URL for login (even if it is customized as described in Securing Magento /admin/) and install a Filesystem extension to obtain full access to all files and finally the database.
  reference:
    - https://magentary.com/kb/restrict-access-to-magento-downloader/
    - https://www.mageplaza.com/kb/how-to-stop-brute-force-attacks-magento.html#solution-3
  classification:
    cpe: cpe:2.3:a:magento:magento:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: magento
    product: magento
    shodan-query:
      - http.component:"Magento"
      - cpe:"cpe:2.3:a:magento:magento"
      - http.component:"magento"
  tags: magento,exposure,panel


http:
  - method: GET
    path:
      - '{{BaseURL}}/downloader/'


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "Magento Downloader"
          - "Log In"
        condition: and


      - type: word
        part: header
        words:
          - "text/html"


      - type: status
        status:
          - 200


    extractors:
      - type: regex
        part: body
        group: 1
        regex:
          - '\(Magento Connect Manager ver\. ([0-9.]+)'
# digest: 490a00463044022074878158a3ea5c3399a63bc7ac644b1c6ade239de3a1c8259eef389b18e45446022021fcca0aaf548d12e29e3a2e2f4dec4427ae01040159cce841c4a94c49a1c043:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/exposed-panels/magento-downloader-panel.yaml"

View on Github