nuclei-templates/misconfiguration/salesforce-aura.yaml

id: salesforce-aura

info:
  name: Detect the exposure of Salesforce Lightning aura API
  author: aaron_costello (@ConspiracyProof)
  severity: info
  reference: https://www.enumerated.de/index/salesforce
  tags: aura,unauth,salesforce

requests:
  - method: POST
    path:
      - "{{BaseURL}}/aura"
      - "{{BaseURL}}/s/sfsites/aura"
      - "{{BaseURL}}/sfsites/aura"

    body: "{}"

    matchers:
      - type: word
        words:
          - 'aura:invalidSession'
        part: body
misc changes 2021-02-10 15:07:28 +00:00			`id: salesforce-aura`
Added salesforce-aura-misconfig 2020-10-27 17:55:12 +00:00
			`info:`
			`name: Detect the exposure of Salesforce Lightning aura API`
			`author: aaron_costello (@ConspiracyProof)`
Update salesforce-aura-misconfig.yaml 2021-01-31 10:21:25 +00:00			`severity: info`
misc changes 2021-02-10 15:07:28 +00:00			`reference: https://www.enumerated.de/index/salesforce`
adding tags to misconfiguration 2021-03-12 08:57:14 +00:00			`tags: aura,unauth,salesforce`
Added salesforce-aura-misconfig 2020-10-27 17:55:12 +00:00
			`requests:`
			`- method: POST`
			`path:`
			`- "{{BaseURL}}/aura"`
			`- "{{BaseURL}}/s/sfsites/aura"`
			`- "{{BaseURL}}/sfsites/aura"`
adding tags to misconfiguration 2021-03-12 08:57:14 +00:00
Added salesforce-aura-misconfig 2020-10-27 17:55:12 +00:00			`body: "{}"`

			`matchers:`
			`- type: word`
			`words:`
			`- 'aura:invalidSession'`
			`part: body`