nuclei-templates/misconfiguration/aem/aem-userinfo-servlet.yaml

31 lines
706 B
YAML
Raw Normal View History

2021-04-13 08:50:14 +00:00
id: aem-userinfo-servlet
info:
author: DhiyaneshDk
name: AEM UserInfo Servlet
2021-04-13 20:31:02 +00:00
severity: info
2021-04-13 08:50:14 +00:00
description: UserInfoServlet is exposed, it allows to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node.
tags: aem
requests:
- method: GET
path:
- '{{BaseURL}}/libs/cq/security/userinfo.json'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
2021-06-10 15:48:38 +00:00
part: body
2021-04-13 08:50:14 +00:00
words:
2021-06-10 15:48:38 +00:00
- '"userID":'
- '"userName":'
2021-04-13 08:50:14 +00:00
condition: and
2021-06-10 15:48:38 +00:00
- type: word
part: header
words:
- 'application/json'