nuclei-templates/misconfiguration/aem/aem-userinfo-servlet.yaml

26 lines
595 B
YAML

id: aem-userinfo-servlet
info:
author: DhiyaneshDk
name: AEM UserInfo Servlet
severity: info
description: UserInfoServlet is exposed, it allows to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node.
tags: aem
requests:
- method: GET
path:
- '{{BaseURL}}/libs/cq/security/userinfo.json'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
- 'userName'
- 'userID'
condition: and