nuclei-templates/technologies/openam-detection.yaml

id: openam-detection

info:
  name: Detect openam
  author: melbadry9,xelkomy
  severity: info
  description: The vulnerability was found in the password reset feature that OpenAM provides. When a user tries to reset his password, he is asked to enter his username then the backend validates whether the user exists or not through an LDAP query before the password reset token is sent to the userâ€™s email.
  reference: https://blog.cybercastle.io/ldap-injection-in-openam/

requests:
  - method: GET
    path:
      - "{{BaseURL}}/openam/ui/PWResetUserValidation"
      - "{{BaseURL}}/OpenAM-11.0.0/ui/PWResetUserValidation"
      - "{{BaseURL}}/ui/PWResetUserValidation"

    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "jato.pageSession") && status_code==200'
Updated to openam-detection 2021-03-14 18:57:59 +00:00			`id: openam-detection`

			`info:`
			`name: Detect openam`
Updated author names 2021-06-09 12:20:56 +00:00			`author: melbadry9,xelkomy`
Updated to openam-detection 2021-03-14 18:57:59 +00:00			`severity: info`
			`description: The vulnerability was found in the password reset feature that OpenAM provides. When a user tries to reset his password, he is asked to enter his username then the backend validates whether the user exists or not through an LDAP query before the password reset token is sent to the userâ€™s email.`
			`reference: https://blog.cybercastle.io/ldap-injection-in-openam/`

			`requests:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/openam/ui/PWResetUserValidation"`
			`- "{{BaseURL}}/OpenAM-11.0.0/ui/PWResetUserValidation"`
			`- "{{BaseURL}}/ui/PWResetUserValidation"`

			`matchers:`
			`- type: dsl`
Update openam-detection.yaml 2021-03-14 18:59:06 +00:00			`dsl:`
			`- 'contains(body, "jato.pageSession") && status_code==200'`