nuclei-templates/misconfiguration/salesforce-aura.yaml

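# Nuclei template: reports hosts whose Salesforce Lightning "aura" endpoint
# answers a request that carries no session material (the template sets no
# headers or cookies, only an empty JSON body).
#
# What a match means: one of the candidate paths returned a body containing
# the literal string 'aura:invalidSession'. That shows the endpoint is
# reachable from the scanner's position. It does not show that any object or
# record is readable, which is consistent with the "info" severity.
# NOTE(review): what an unauthenticated (guest) user can actually read is
# presumably governed by the org's guest-profile and sharing configuration,
# which this template does not inspect - confirm against the reference.
id: salesforce-aura

info:
  name: Detect the exposure of Salesforce Lightning aura API
  author: aaron_costello (@ConspiracyProof)
  severity: info
  reference: https://www.enumerated.de/index/salesforce
  tags: aura,unauth,salesforce

requests:
  - method: POST
    # Candidate locations of the aura endpoint; each is requested in turn.
    path:
      - "{{BaseURL}}/aura"
      - "{{BaseURL}}/s/sfsites/aura"
      - "{{BaseURL}}/sfsites/aura"

    # Empty JSON object: the request names no action and supplies no token.
    body: "{}"

    matchers:
      # Single word matcher with no status-code or header condition: any
      # response body containing this string matches, including a page that
      # merely echoes it. Treat a hit as a lead to verify, not a finding.
      - type: word
        part: body
        words:
          - 'aura:invalidSession'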