nuclei-templates/misconfiguration/aem/aem-userinfo-servlet.yaml

31 lines
706 B
YAML

id: aem-userinfo-servlet
info:
author: DhiyaneshDk
name: AEM UserInfo Servlet
severity: info
description: UserInfoServlet is exposed, it allows to bruteforce credentials. You can get valid usernames from jcr:createdBy, jcr:lastModifiedBy, cq:LastModifiedBy attributes of any JCR node.
tags: aem
requests:
- method: GET
path:
- '{{BaseURL}}/libs/cq/security/userinfo.json'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
part: body
words:
- '"userID":'
- '"userName":'
condition: and
- type: word
part: header
words:
- 'application/json'