From d0af9ae01e7d8e3ae466ac3daa17fc341b26aa0b Mon Sep 17 00:00:00 2001
From: Dhiyaneshwaran
Date: Tue, 13 Apr 2021 14:18:34 +0530
Subject: [PATCH] Create aem-default-get-servlet.yaml
---
.../aem/aem-default-get-servlet.yaml | 78 +++++++++++++++++++
1 file changed, 78 insertions(+)
create mode 100644 misconfiguration/aem/aem-default-get-servlet.yaml
diff --git a/misconfiguration/aem/aem-default-get-servlet.yaml b/misconfiguration/aem/aem-default-get-servlet.yaml
new file mode 100644
index 0000000000..d3546ab204
--- /dev/null
+++ b/misconfiguration/aem/aem-default-get-servlet.yaml
@@ -0,0 +1,78 @@
+id: aem-default-get-servlet
+info:
+ author: DhiyaneshDk
+ name: AEM DefaultGetServlet
+ severity: low
+ reference: https://speakerdeck.com/0ang3el/hunting-for-security-bugs-in-aem-webapps?slide=43
+ tags: aem
+
+
+requests:
+ - method: GET
+ path:
+ - '{{BaseURL}}/.json'
+ - '{{BaseURL}}/.1.json'
+ - '{{BaseURL}}/....4.2.1....json'
+ - '{{BaseURL}}/.json?FNZ.css'
+ - '{{BaseURL}}/.json?FNZ.ico'
+ - '{{BaseURL}}/.json?FNZ.html'
+ - '{{BaseURL}}/.json/FNZ.css'
+ - '{{BaseURL}}/.json/FNZ.html'
+ - '{{BaseURL}}/.json/FNZ.png'
+ - '{{BaseURL}}/.json/FNZ.ico'
+ - '{{BaseURL}}/.children.1.json'
+ - '{{BaseURL}}/.children....4.2.1....json'
+ - '{{BaseURL}}/.children.json?FNZ.css'
+ - '{{BaseURL}}/.children.json?FNZ.ico'
+ - '{{BaseURL}}/.children.json?FNZ.html'
+ - '{{BaseURL}}/.children.json/FNZ.css'
+ - '{{BaseURL}}/.children.json/FNZ.html'
+ - '{{BaseURL}}/.children.json/FNZ.png'
+ - '{{BaseURL}}/.children.json/FNZ.ico'
+ - '{{BaseURL}}/etc.json'
+ - '{{BaseURL}}/etc.1.json'
+ - '{{BaseURL}}/etc....4.2.1....json'
+ - '{{BaseURL}}/etc.json?FNZ.css'
+ - '{{BaseURL}}/etc.json?FNZ.ico'
+ - '{{BaseURL}}/etc.json?FNZ.html'
+ - '{{BaseURL}}/etc.json/FNZ.css'
+ - '{{BaseURL}}/etc.json/FNZ.html'
+ - '{{BaseURL}}/etc.json/FNZ.ico'
+ - '{{BaseURL}}/etc.children.json'
+ - '{{BaseURL}}/etc.children.1.json'
+ - '{{BaseURL}}/etc.children....4.2.1....json'
+ - '{{BaseURL}}/etc.children.json?FNZ.css'
+ - '{{BaseURL}}/etc.children.json?FNZ.ico'
+ - '{{BaseURL}}/etc.children.json?FNZ.html'
+ - '{{BaseURL}}/etc.children.json/FNZ.css'
+ - '{{BaseURL}}/etc.children.json/FNZ.html'
+ - '{{BaseURL}}/etc.children.json/FNZ.png'
+ - '{{BaseURL}}/etc.children.json/FNZ.ico'
+ - '{{BaseURL}}///etc.json'
+ - '{{BaseURL}}///etc.1.json'
+ - '{{BaseURL}}///etc....4.2.1....json'
+ - '{{BaseURL}}///etc.json?FNZ.css'
+ - '{{BaseURL}}///etc.json?FNZ.ico'
+ - '{{BaseURL}}///etc.json/FNZ.html'
+ - '{{BaseURL}}///etc.json/FNZ.png'
+ - '{{BaseURL}}///etc.json/FNZ.ico'
+ - '{{BaseURL}}///etc.children.json'
+ - '{{BaseURL}}///etc.children.1.json'
+ - '{{BaseURL}}///etc.children....4.2.1....json'
+ - '{{BaseURL}}///etc.children.json?FNZ.css'
+ - '{{BaseURL}}///etc.children.json?FNZ.ico'
+ - '{{BaseURL}}///etc.children.json?FNZ.html'
+ - '{{BaseURL}}///etc.children.json/FNZ.css'
+ - '{{BaseURL}}///etc.children.json/FNZ.html'
+ - '{{BaseURL}}///etc.children.json/FNZ.png'
+ - '{{BaseURL}}///etc.children.json/FNZ.ico'
+ matchers-condition: and
+ matchers:
+ - type: status
+ status:
+ - 200
+
+ - type: word
+ words:
+ - 'jcr:createdBy'
+ condition: and
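Review bot: The final word matcher keys on the single string `jcr:createdBy` anywhere in a 200 response, so its `condition: and` has nothing to combine and any page that merely mentions that property name is reported as an exposed servlet. Requiring a second JCR property next to it, by adding `- 'jcr:primaryType'` under `words` and stating `part: body` on the matcher, would make the `and` meaningful and cut false positives. The request block also has no `stop-at-first-match: true`, so all 56 paths are sent to every target even after one has already matched. The six path groups are not parallel (10, 9, 9, 10, 8 and 10 entries), which looks unintentional and is worth either completing or explaining in a comment. `info` carries no `description`, so a finding gives the operator no hint about the fix, which is presumably a Dispatcher filter rule that denies these JSON renditions.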