Added salesforce-aura-misconfig

security-misconfiguration/salesforce-aura-misconfig.yaml

@@ -0,0 +1,24 @@
+id: salesforce-aura-misconfig
+
+info:
+  name: Detect the exposure of Salesforce Lightning aura API
+  author: aaron_costello (@ConspiracyProof)
+  severity: medium
+
+  # Reference:-
+  # https://www.enumerated.de/index/salesforce
+  # Severity of this misconfiguration depends of disclosed information.
+
+requests:
+  - method: POST
+    path:
+      - "{{BaseURL}}/aura"
+      - "{{BaseURL}}/s/sfsites/aura"
+      - "{{BaseURL}}/sfsites/aura"
+    body: "{}"
+
+    matchers:
+      - type: word
+        words:
+          - 'aura:invalidSession'
+        part: body