nuclei-templates/http/misconfiguration/aem/aem-custom-script.yaml

52 lines
1.1 KiB
YAML
Raw Normal View History

id: aem-custom-script
2022-09-24 21:27:16 +00:00
info:
name: Adobe AEM Custom Scripts Exposure
2022-09-24 21:27:16 +00:00
author: DhiyaneshDK
2022-09-24 21:29:01 +00:00
severity: unknown
2022-09-24 21:27:16 +00:00
reference:
- https://www.slideshare.net/0ang3el/hacking-aem-sites
metadata:
max-request: 2
2022-09-24 21:27:16 +00:00
shodan-query:
- http.title:"AEM Sign In"
- http.component:"Adobe Experience Manager"
tags: misconfig,aem,adobe
http:
2022-09-24 21:27:16 +00:00
- method: GET
path:
- "{{BaseURL}}/apps.tidy.infinity.json"
- "{{BaseURL}}{{path}}"
iterate-all: true
2023-10-14 11:27:55 +00:00
2022-09-24 21:27:16 +00:00
extractors:
- type: json
part: body
name: path
json:
- '.[]'
internal: true
stop-at-first-match: true
2023-10-14 11:27:55 +00:00
2022-09-24 21:27:16 +00:00
matchers-condition: and
matchers:
- type: word
part: body
words:
2022-09-26 06:27:13 +00:00
- '"jcr:primaryType":'
- '"jcr:createdBy":'
condition: and
2022-09-24 21:27:16 +00:00
- type: word
part: header
words:
- application/json
- type: status
status:
- 200
# digest: 4b0a0048304602210088f947984063983754727ab3147d3d8579e68e981678f9a1a2a8630c53890331022100834f575fe00ea170bceed8e15bc1afc6e964aff6dc8ecd912122809755b01dd0:922c64590222798bb761d5b6d8e72950