Create openam-ldap-injection.yaml

reference: https://blog.cybercastle.io/ldap-injection-in-openam/ The vulnerability was found in the password reset feature that OpenAM provides. When a user tries to reset his password, he is asked to enter his username then the backend validates whether the user exists or not through an LDAP query before the password reset token is sent to the user’s email.
2021-01-13 23:36:19 +02:00 · 2021-01-13 23:36:19 +02:00 · 5c2eabbebc
parent 4fd46aabd3
commit 5c2eabbebc
1 changed files with 24 additions and 0 deletions
--- a/vulnerabilities/other/openam-ldap-injection.yaml
+++ b/vulnerabilities/other/openam-ldap-injection.yaml
@ -0,0 +1,24 @@
+id: openam-ldap-injection
+
+info:
+  name: LDAP Injection In OPENAM
+  author: xelkomy
+  severity: high
+  description: The vulnerability was found in the password reset feature that OpenAM provides. When a user tries to reset his password, he is asked to enter his username then the backend validates whether the user exists or not through an LDAP query before the password reset token is sent to the user’s email.
+
+  # reference: https://blog.cybercastle.io/ldap-injection-in-openam/
+
+requests:
+  - method: GET
+    path:
+      - '{{BaseURL}/openam/ui/PWResetUserValidation'
+      - '{{BaseURL}/ui/PWResetUserValidation'
+    matchers-condition: and
+    matchers:
+      - type: status
+        status:
+          - 200
+      - type: word
+        words:
+          - "jato.defaultCommand"
+        part: body