Merge pull request #1273 from DhiyaneshGeek/master
7 AEM new Templates and AEM workflow addedpatch-1
commit
e049fd7281
|
@ -0,0 +1,78 @@
|
||||||
|
id: aem-default-get-servlet
|
||||||
|
info:
|
||||||
|
author: DhiyaneshDk
|
||||||
|
name: AEM DefaultGetServlet
|
||||||
|
severity: low
|
||||||
|
reference: https://speakerdeck.com/0ang3el/hunting-for-security-bugs-in-aem-webapps?slide=43
|
||||||
|
tags: aem
|
||||||
|
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/.json'
|
||||||
|
- '{{BaseURL}}/.1.json'
|
||||||
|
- '{{BaseURL}}/....4.2.1....json'
|
||||||
|
- '{{BaseURL}}/.json?FNZ.css'
|
||||||
|
- '{{BaseURL}}/.json?FNZ.ico'
|
||||||
|
- '{{BaseURL}}/.json?FNZ.html'
|
||||||
|
- '{{BaseURL}}/.json/FNZ.css'
|
||||||
|
- '{{BaseURL}}/.json/FNZ.html'
|
||||||
|
- '{{BaseURL}}/.json/FNZ.png'
|
||||||
|
- '{{BaseURL}}/.json/FNZ.ico'
|
||||||
|
- '{{BaseURL}}/.children.1.json'
|
||||||
|
- '{{BaseURL}}/.children....4.2.1....json'
|
||||||
|
- '{{BaseURL}}/.children.json?FNZ.css'
|
||||||
|
- '{{BaseURL}}/.children.json?FNZ.ico'
|
||||||
|
- '{{BaseURL}}/.children.json?FNZ.html'
|
||||||
|
- '{{BaseURL}}/.children.json/FNZ.css'
|
||||||
|
- '{{BaseURL}}/.children.json/FNZ.html'
|
||||||
|
- '{{BaseURL}}/.children.json/FNZ.png'
|
||||||
|
- '{{BaseURL}}/.children.json/FNZ.ico'
|
||||||
|
- '{{BaseURL}}/etc.json'
|
||||||
|
- '{{BaseURL}}/etc.1.json'
|
||||||
|
- '{{BaseURL}}/etc....4.2.1....json'
|
||||||
|
- '{{BaseURL}}/etc.json?FNZ.css'
|
||||||
|
- '{{BaseURL}}/etc.json?FNZ.ico'
|
||||||
|
- '{{BaseURL}}/etc.json?FNZ.html'
|
||||||
|
- '{{BaseURL}}/etc.json/FNZ.css'
|
||||||
|
- '{{BaseURL}}/etc.json/FNZ.html'
|
||||||
|
- '{{BaseURL}}/etc.json/FNZ.ico'
|
||||||
|
- '{{BaseURL}}/etc.children.json'
|
||||||
|
- '{{BaseURL}}/etc.children.1.json'
|
||||||
|
- '{{BaseURL}}/etc.children....4.2.1....json'
|
||||||
|
- '{{BaseURL}}/etc.children.json?FNZ.css'
|
||||||
|
- '{{BaseURL}}/etc.children.json?FNZ.ico'
|
||||||
|
- '{{BaseURL}}/etc.children.json?FNZ.html'
|
||||||
|
- '{{BaseURL}}/etc.children.json/FNZ.css'
|
||||||
|
- '{{BaseURL}}/etc.children.json/FNZ.html'
|
||||||
|
- '{{BaseURL}}/etc.children.json/FNZ.png'
|
||||||
|
- '{{BaseURL}}/etc.children.json/FNZ.ico'
|
||||||
|
- '{{BaseURL}}///etc.json'
|
||||||
|
- '{{BaseURL}}///etc.1.json'
|
||||||
|
- '{{BaseURL}}///etc....4.2.1....json'
|
||||||
|
- '{{BaseURL}}///etc.json?FNZ.css'
|
||||||
|
- '{{BaseURL}}///etc.json?FNZ.ico'
|
||||||
|
- '{{BaseURL}}///etc.json/FNZ.html'
|
||||||
|
- '{{BaseURL}}///etc.json/FNZ.png'
|
||||||
|
- '{{BaseURL}}///etc.json/FNZ.ico'
|
||||||
|
- '{{BaseURL}}///etc.children.json'
|
||||||
|
- '{{BaseURL}}///etc.children.1.json'
|
||||||
|
- '{{BaseURL}}///etc.children....4.2.1....json'
|
||||||
|
- '{{BaseURL}}///etc.children.json?FNZ.css'
|
||||||
|
- '{{BaseURL}}///etc.children.json?FNZ.ico'
|
||||||
|
- '{{BaseURL}}///etc.children.json?FNZ.html'
|
||||||
|
- '{{BaseURL}}///etc.children.json/FNZ.css'
|
||||||
|
- '{{BaseURL}}///etc.children.json/FNZ.html'
|
||||||
|
- '{{BaseURL}}///etc.children.json/FNZ.png'
|
||||||
|
- '{{BaseURL}}///etc.children.json/FNZ.ico'
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- 'jcr:createdBy'
|
||||||
|
condition: and
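Review bot: The `info` block of aem-default-get-servlet has no `description`, so a match on `jcr:createdBy` tells the operator neither what is exposed nor how to close it. The gql, merge-metadata, querybuilder feed/json and wcm-suggestions templates in this commit have the same gap. I would add something like `description: DefaultGetServlet renders JCR node properties as JSON for unauthenticated requests; deny the .json and .children selectors in the dispatcher filter.` The `condition: and` on the single-entry `words` list has no effect and can be dropped.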
|
|
@ -0,0 +1,26 @@
|
||||||
|
id: aem-gql-servlet
|
||||||
|
|
||||||
|
info:
|
||||||
|
author: DhiyaneshDk
|
||||||
|
name: AEM GQLServlet
|
||||||
|
severity: low
|
||||||
|
reference: https://helpx.adobe.com/experience-manager/6-3/sites/developing/using/reference-materials/javadoc/index.html?org/apache/jackrabbit/commons/query/GQL.html
|
||||||
|
tags: aem
|
||||||
|
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/bin/wcm/search/gql.json?query=type:User%20limit:..1&pathPrefix=&p.ico'
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- 'excerpt'
|
||||||
|
- 'path'
|
||||||
|
- 'hits'
|
||||||
|
condition: and
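Review bot: The word matcher (`excerpt`, `path`, `hits`) uses bare dictionary words, so any 200 response whose body happens to contain all three, such as a site search page or a catch-all error page, would be reported as an exposed GQL servlet. If the servlet returns these as JSON keys, which the `.json` path suggests, match the quoted form, e.g. `- '"hits"'`. If the response is served as JSON, also add a `part: header` word matcher on `application/json`. The aem-querybuilder-json-servlet template later in this commit has the same weakness with `success` and `results`.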
|
|
@ -0,0 +1,24 @@
|
||||||
|
id: aem-merge-metadata-servlet
|
||||||
|
|
||||||
|
info:
|
||||||
|
author: DhiyaneshDk
|
||||||
|
name: AEM MergeMetadataServlet
|
||||||
|
severity: info
|
||||||
|
reference: https://speakerdeck.com/0ang3el/aem-hacker-approaching-adobe-experience-manager-webapps-in-bug-bounty-programs?slide=91
|
||||||
|
tags: aem
|
||||||
|
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/libs/dam/merge/metadata.html?path=/etc&.ico'
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- 'assetPaths'
|
||||||
|
condition: and
|
|
@ -0,0 +1,23 @@
|
||||||
|
id: aem-querybuilder-feed-servlet
|
||||||
|
|
||||||
|
info:
|
||||||
|
author: DhiyaneshDk
|
||||||
|
name: AEM QueryBuilder Feed Servlet
|
||||||
|
severity: info
|
||||||
|
reference: https://helpx.adobe.com/experience-manager/6-3/sites/developing/using/querybuilder-predicate-reference.html
|
||||||
|
tags: aem
|
||||||
|
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/bin/querybuilder.feed'
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- 'CQ Feed'
|
|
@ -25,5 +25,5 @@ requests:
|
||||||
- type: word
|
- type: word
|
||||||
words:
|
words:
|
||||||
- 'jcr:path'
|
- 'jcr:path'
|
||||||
- '"success":true'
|
- 'success'
|
||||||
condition: and
|
condition: and
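Review bot: If the second line of each printed pair is the new side, as the side-by-side layout suggests, this hunk loosens the matcher from `'"success":true'` to the bare word `'success'`. The bare word also matches `"success":false` and any body that merely mentions it. If the aim is to tolerate whitespace after the colon, a `type: regex` matcher with `- '"success":\s*true'` keeps the check specific. The file name and the rest of the template are not visible on this page, so the other matchers cannot be checked here.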
|
|
@ -0,0 +1,25 @@
|
||||||
|
id: aem-querybuilder-json-servlet
|
||||||
|
|
||||||
|
info:
|
||||||
|
author: DhiyaneshDk
|
||||||
|
name: AEM QueryBuilder Json Servlet
|
||||||
|
severity: info
|
||||||
|
reference: https://helpx.adobe.com/experience-manager/6-3/sites/developing/using/querybuilder-predicate-reference.html
|
||||||
|
tags: aem
|
||||||
|
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/bin/querybuilder.json'
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- 'success'
|
||||||
|
- 'results'
|
||||||
|
condition: and
|
|
@ -0,0 +1,25 @@
|
||||||
|
id: aem-userinfo-servlet
|
||||||
|
|
||||||
|
info:
|
||||||
|
author: DhiyaneshDk
|
||||||
|
name: AEM UserInfo Servlet
|
||||||
|
severity: low
|
||||||
|
description: UserInfoServlet is exposed, it allows to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node.
|
||||||
|
tags: aem
|
||||||
|
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/libs/cq/security/userinfo.json'
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- 'userName'
|
||||||
|
- 'userID'
|
||||||
|
condition: and
|
|
@ -0,0 +1,25 @@
|
||||||
|
id: aem-wcm-suggestions-servlet
|
||||||
|
info:
|
||||||
|
author: DhiyaneshDk
|
||||||
|
name: AEM WCM Suggestions Servlet
|
||||||
|
severity: low
|
||||||
|
reference: https://speakerdeck.com/0ang3el/hunting-for-security-bugs-in-aem-webapps?slide=96
|
||||||
|
tags: aem
|
||||||
|
|
||||||
|
|
||||||
|
requests:
|
||||||
|
- method: GET
|
||||||
|
path:
|
||||||
|
- '{{BaseURL}}/bin/wcm/contentfinder/connector/suggestions.json;%0aOJh.css?query_term=path%3a/&pre={{randstr}}'
|
||||||
|
|
||||||
|
matchers-condition: and
|
||||||
|
matchers:
|
||||||
|
- type: status
|
||||||
|
status:
|
||||||
|
- 200
|
||||||
|
|
||||||
|
- type: word
|
||||||
|
words:
|
||||||
|
- '{{randstr}}'
|
||||||
|
- 'suggestions'
|
||||||
|
condition: and
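Review bot: The matchers only establish that the `pre` value is echoed in a 200 response that also contains `suggestions`; nothing checks the response `Content-Type`. The result therefore cannot distinguish an echo inside inert JSON from one a browser would render as markup. Add a `part: header` matcher for the content type the finding depends on, and a `description` stating which case the `low` severity refers to.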
|
|
@ -0,0 +1,10 @@
|
||||||
|
id: aem-workflow
|
||||||
|
|
||||||
|
info:
|
||||||
|
name: Adobe Experience Manager Security Checks
|
||||||
|
author: dhiyaneshDK
|
||||||
|
description: A simple workflow that runs all Adobe Experience Manager related nuclei templates on a given target.
|
||||||
|
tags: workflow
|
||||||
|
|
||||||
|
workflows:
|
||||||
|
- template: misconfiguration/aem/
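Review bot: The workflow runs everything under `misconfiguration/aem/` unconditionally, with no detection step. Pointed at a non-AEM host, it sends every probe in the directory, including the several dozen path variants of aem-default-get-servlet. Gate it on an AEM fingerprint template by making that the top-level `template:` and moving `misconfiguration/aem/` under its `subtemplates:` (detection template path shown as a placeholder: `<aem-detection-template>.yaml`). The description also promises "all Adobe Experience Manager related" templates, while only this one directory is referenced, so AEM templates stored elsewhere in the repository would not run.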
|