nuclei-templates/http/misconfiguration/aem/aem-userinfo-servlet.yaml

35 lines
876 B
YAML

id: aem-userinfo-servlet
info:
name: AEM UserInfo Servlet Credentials Exposure
author: DhiyaneshDk
severity: info
description: "Adobe Experience Manager UserInfoServlet is exposed which allows an attacker to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node."
metadata:
max-request: 1
shodan-query: http.component:"Adobe Experience Manager"
tags: aem,bruteforce,misconfig
http:
- method: GET
path:
- '{{BaseURL}}/libs/cq/security/userinfo.json'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- '"userID":'
- '"userName":'
condition: and
- type: word
part: header
words:
- 'application/json'