Merge pull request #1273 from DhiyaneshGeek/master

7 new AEM templates and an AEM workflow added
patch-1
PD-Team 2021-04-14 01:29:42 +05:30 committed by GitHub
commit e049fd7281
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
9 changed files with 237 additions and 1 deletions


@ -0,0 +1,78 @@
id: aem-default-get-servlet
info:
author: DhiyaneshDk
name: AEM DefaultGetServlet
severity: low
reference: https://speakerdeck.com/0ang3el/hunting-for-security-bugs-in-aem-webapps?slide=43
tags: aem
requests:
- method: GET
path:
- '{{BaseURL}}/.json'
- '{{BaseURL}}/.1.json'
- '{{BaseURL}}/....4.2.1....json'
- '{{BaseURL}}/.json?FNZ.css'
- '{{BaseURL}}/.json?FNZ.ico'
- '{{BaseURL}}/.json?FNZ.html'
- '{{BaseURL}}/.json/FNZ.css'
- '{{BaseURL}}/.json/FNZ.html'
- '{{BaseURL}}/.json/FNZ.png'
- '{{BaseURL}}/.json/FNZ.ico'
- '{{BaseURL}}/.children.1.json'
- '{{BaseURL}}/.children....4.2.1....json'
- '{{BaseURL}}/.children.json?FNZ.css'
- '{{BaseURL}}/.children.json?FNZ.ico'
- '{{BaseURL}}/.children.json?FNZ.html'
- '{{BaseURL}}/.children.json/FNZ.css'
- '{{BaseURL}}/.children.json/FNZ.html'
- '{{BaseURL}}/.children.json/FNZ.png'
- '{{BaseURL}}/.children.json/FNZ.ico'
- '{{BaseURL}}/etc.json'
- '{{BaseURL}}/etc.1.json'
- '{{BaseURL}}/etc....4.2.1....json'
- '{{BaseURL}}/etc.json?FNZ.css'
- '{{BaseURL}}/etc.json?FNZ.ico'
- '{{BaseURL}}/etc.json?FNZ.html'
- '{{BaseURL}}/etc.json/FNZ.css'
- '{{BaseURL}}/etc.json/FNZ.html'
- '{{BaseURL}}/etc.json/FNZ.ico'
- '{{BaseURL}}/etc.children.json'
- '{{BaseURL}}/etc.children.1.json'
- '{{BaseURL}}/etc.children....4.2.1....json'
- '{{BaseURL}}/etc.children.json?FNZ.css'
- '{{BaseURL}}/etc.children.json?FNZ.ico'
- '{{BaseURL}}/etc.children.json?FNZ.html'
- '{{BaseURL}}/etc.children.json/FNZ.css'
- '{{BaseURL}}/etc.children.json/FNZ.html'
- '{{BaseURL}}/etc.children.json/FNZ.png'
- '{{BaseURL}}/etc.children.json/FNZ.ico'
- '{{BaseURL}}///etc.json'
- '{{BaseURL}}///etc.1.json'
- '{{BaseURL}}///etc....4.2.1....json'
- '{{BaseURL}}///etc.json?FNZ.css'
- '{{BaseURL}}///etc.json?FNZ.ico'
- '{{BaseURL}}///etc.json/FNZ.html'
- '{{BaseURL}}///etc.json/FNZ.png'
- '{{BaseURL}}///etc.json/FNZ.ico'
- '{{BaseURL}}///etc.children.json'
- '{{BaseURL}}///etc.children.1.json'
- '{{BaseURL}}///etc.children....4.2.1....json'
- '{{BaseURL}}///etc.children.json?FNZ.css'
- '{{BaseURL}}///etc.children.json?FNZ.ico'
- '{{BaseURL}}///etc.children.json?FNZ.html'
- '{{BaseURL}}///etc.children.json/FNZ.css'
- '{{BaseURL}}///etc.children.json/FNZ.html'
- '{{BaseURL}}///etc.children.json/FNZ.png'
- '{{BaseURL}}///etc.children.json/FNZ.ico'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- 'jcr:createdBy'
condition: and
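Review bot: The request block lists 56 paths and sets no `stop-at-first-match: true`, so a host that already matched on the first path still receives every remaining request and may be reported more than once. Adding that key at the request level keeps the scan to the minimum needed to confirm exposure. `condition: and` under a single-entry `words` list is a no-op, here and in aem-merge-metadata-servlet, and can be dropped. `info` has no `description`, as is also the case in aem-gql-servlet, aem-merge-metadata-servlet, both querybuilder templates and aem-wcm-suggestions-servlet. Something like `description: DefaultGetServlet returns JCR node properties as JSON to unauthenticated requests; restrict the .json and .children selectors at the dispatcher.` would give the triager both the impact and the fix.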


@ -0,0 +1,26 @@
id: aem-gql-servlet
info:
author: DhiyaneshDk
name: AEM GQLServlet
severity: low
reference: https://helpx.adobe.com/experience-manager/6-3/sites/developing/using/reference-materials/javadoc/index.html?org/apache/jackrabbit/commons/query/GQL.html
tags: aem
requests:
- method: GET
path:
- '{{BaseURL}}/bin/wcm/search/gql.json?query=type:User%20limit:..1&pathPrefix=&p.ico'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- 'excerpt'
- 'path'
- 'hits'
condition: and
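Review bot: The word matcher looks for `excerpt`, `path` and `hits` as bare substrings, which are common enough that a catch-all 200 page, such as a login form or SPA shell, can satisfy all three and produce a false positive. Assuming the servlet answers with standard JSON, matching the quoted keys and adding a header matcher on the content type ties the finding to an actual GQL result. Confirm the `Content-Type` value against a known instance before relying on it. The same looseness applies to `success` / `results` in aem-querybuilder-json-servlet.

```yaml
    matchers:
      # … unchanged: status 200 matcher …
      - type: word
        words:
          - '"hits"'
          - '"path"'
          - '"excerpt"'
        condition: and
      - type: word
        part: header
        words:
          - 'application/json'
```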


@ -0,0 +1,24 @@
id: aem-merge-metadata-servlet
info:
author: DhiyaneshDk
name: AEM MergeMetadataServlet
severity: info
reference: https://speakerdeck.com/0ang3el/aem-hacker-approaching-adobe-experience-manager-webapps-in-bug-bounty-programs?slide=91
tags: aem
requests:
- method: GET
path:
- '{{BaseURL}}/libs/dam/merge/metadata.html?path=/etc&.ico'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- 'assetPaths'
condition: and


@ -0,0 +1,23 @@
id: aem-querybuilder-feed-servlet
info:
author: DhiyaneshDk
name: AEM QueryBuilder Feed Servlet
severity: info
reference: https://helpx.adobe.com/experience-manager/6-3/sites/developing/using/querybuilder-predicate-reference.html
tags: aem
requests:
- method: GET
path:
- '{{BaseURL}}/bin/querybuilder.feed'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- 'CQ Feed'


@ -25,5 +25,5 @@ requests:
- type: word - type: word
words: words:
- 'jcr:path' - 'jcr:path'
- '"success":true' - 'success'
condition: and condition: and
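Review bot: Matching the bare word `success` is weaker than the `'"success":true'` it replaces (assuming the right-hand column is the new side): it is also satisfied by `"success":false` and by any page text that contains the word. If the change was meant to tolerate whitespace after the colon, a separate `- type: regex` matcher with the `regex:` entry `'"success"\s*:\s*true'` keeps the precision, with `jcr:path` left in the word matcher. The matcher list starts above this hunk, so the other conditions are not visible here.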


@ -0,0 +1,25 @@
id: aem-querybuilder-json-servlet
info:
author: DhiyaneshDk
name: AEM QueryBuilder Json Servlet
severity: info
reference: https://helpx.adobe.com/experience-manager/6-3/sites/developing/using/querybuilder-predicate-reference.html
tags: aem
requests:
- method: GET
path:
- '{{BaseURL}}/bin/querybuilder.json'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- 'success'
- 'results'
condition: and


@ -0,0 +1,25 @@
id: aem-userinfo-servlet
info:
author: DhiyaneshDk
name: AEM UserInfo Servlet
severity: low
description: UserInfoServlet is exposed, it allows to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node.
tags: aem
requests:
- method: GET
path:
- '{{BaseURL}}/libs/cq/security/userinfo.json'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- 'userName'
- 'userID'
condition: and
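Review bot: The `description` states an outcome that the matchers do not establish: a 200 containing `userName` and `userID` shows only that the endpoint answered, likely with the current (possibly anonymous) session's record. It would be more accurate to describe what a match proves and how to close it, e.g. `description: UserInfoServlet answers unauthenticated requests; block /libs/cq/security/userinfo.json at the dispatcher unless it is required.` This is also the only template in the set without a `reference`, so a reader cannot check the claim against a source.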


@ -0,0 +1,25 @@
id: aem-wcm-suggestions-servlet
info:
author: DhiyaneshDk
name: AEM WCM Suggestions Servlet
severity: low
reference: https://speakerdeck.com/0ang3el/hunting-for-security-bugs-in-aem-webapps?slide=96
tags: aem
requests:
- method: GET
path:
- '{{BaseURL}}/bin/wcm/contentfinder/connector/suggestions.json;%0aOJh.css?query_term=path%3a/&pre={{randstr}}'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- '{{randstr}}'
- 'suggestions'
condition: and
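Review bot: Nothing in `info` says what a match means, even though the matcher asserts something specific: that the `pre` value (`{{randstr}}`) is echoed back in a response that also contains `suggestions`. A one-line `description` stating that the finding is reflection of a request parameter by the suggestions servlet would let a triager judge the `low` rating. Whether the echo matters depends on the response `Content-Type`, which the template does not check. A `part: header` word matcher recording it, or a note in the description, would make reports easier to validate.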


@ -0,0 +1,10 @@
id: aem-workflow
info:
name: Adobe Experience Manager Security Checks
author: dhiyaneshDK
description: A simple workflow that runs all Adobe Experience Manager related nuclei templates on a given target.
tags: workflow
workflows:
- template: misconfiguration/aem/
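Review bot: The workflow runs the whole `misconfiguration/aem/` directory against every target with no fingerprint gate, so hosts that are not AEM still receive all of the requests in these templates. Putting an AEM detection template first and hanging the directory under its `subtemplates:` would limit the traffic to hosts identified as AEM. The template path is not visible on this page, so it would be something like `- template: <aem-detection-template>`. Separately, `author: dhiyaneshDK` differs in case from the `DhiyaneshDk` used in the other files of this change, which may matter to anything that groups or filters by author.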