OCT 23 2015
Securing Magento Cacheleak, Backupleak and Sessionleak
Magento Cacheleak is an implementation vulnerability, the result of a bad web-server configuration for the Magento platform. With such a configuration the web server ignores all or some of the .htaccess files shipped with the Magento distribution, or some directives from these files, and therefore all private directories, including var/, var/backups/, var/cache/, var/session/ and so on, are exposed to the public, so it is possible for anyone to get the list of backups or sessions and download it, extract data values from cache files…
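One way to check a server configuration for this gap, as an added example that is not code from the original post: it assumes the store runs on nginx, which never reads .htaccess files, and audits a config for prefix locations that deny the private directories named above. The sample configs and the function names are constructed for illustration.

```python
import re

# Private directories named in the post, relative to the document root.
PRIVATE_DIRS = ["/var/", "/var/backups/", "/var/cache/", "/var/session/"]

# Prefix locations only: "location /x/ {...}" and "location ^~ /x/ {...}".
# Regex ("~", "~*") and exact ("=") locations are deliberately not evaluated.
LOCATION_RE = re.compile(r"location\s+(?:\^~\s+)?(/[^\s{]*)\s*\{([^{}]*)\}")
DENY_RE = re.compile(r"\bdeny\s+all\s*;|\breturn\s+(?:403|404)\s*;")

def prefix_locations(config_text):
    """Return {prefix: body} for every prefix location in the config."""
    text = re.sub(r"#[^\n]*", "", config_text)  # drop comments first
    return {m.group(1): m.group(2) for m in LOCATION_RE.finditer(text)}

def audit(config_text):
    """Map each private dir to True if its longest matching prefix denies access."""
    locs = prefix_locations(config_text)
    result = {}
    for path in PRIVATE_DIRS:
        matches = [p for p in locs if path.startswith(p)]
        best = max(matches, key=len, default=None)
        result[path] = bool(best and DENY_RE.search(locs[best]))
    return result

# Constructed sample: nothing replaces the .htaccess rules, so var/ is served.
WEAK = """
server {
    root /srv/magento;
    location / { try_files $uri $uri/ /index.php; }
    location ~ \\.php$ { fastcgi_pass 127.0.0.1:9000; }
}
"""

# Constructed sample: only some directories are covered.
PARTIAL = WEAK.replace("location /", "location ^~ /var/cache/ { deny all; }\n    location /", 1)

# Constructed sample: the whole var/ tree is denied at the server level.
HARDENED = WEAK.replace("location /", "location ^~ /var/ { deny all; }\n    location /", 1)

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("partial", PARTIAL), ("hardened", HARDENED)):
        exposed = [d for d, ok in audit(cfg).items() if not ok]
        print(f"{name}: unprotected = {exposed or 'none'}")
```

The audit reads only the config text, so a clean result should still be confirmed against the running server, since included files and regex locations are outside what it evaluates.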