nuclei-templates/http/misconfiguration/aem/aem-wcm-suggestions-servlet...

32 lines
968 B
YAML
Raw Normal View History

id: aem-wcm-suggestions-servlet
info:
name: AEM WCM Suggestions Servlet
author: DhiyaneshDk
severity: low
2024-01-03 06:08:41 +00:00
description: AEM WCM Suggestions Servlet is exposed.
reference:
- https://speakerdeck.com/0ang3el/hunting-for-security-bugs-in-aem-webapps?slide=96
metadata:
max-request: 1
shodan-query: http.component:"Adobe Experience Manager"
2023-10-14 11:27:55 +00:00
tags: aem,misconfig,intrusive
http:
- method: GET
path:
2021-04-13 19:54:00 +00:00
- '{{BaseURL}}/bin/wcm/contentfinder/connector/suggestions.json;%0aOJh.css?query_term=path%3a/&pre={{randstr}}'
matchers-condition: and
matchers:
- type: status
status:
- 200
- type: word
words:
2021-04-13 19:54:00 +00:00
- '{{randstr}}'
2021-05-05 12:09:31 +00:00
- '"results":'
- '"suggestions":'
condition: and
# digest: 490a00463044022057cfdf96c2360217fdef716f23d44f208415611c12cc509b078327fa8fd6eafc022062069ce4d816e90e94403d2c31c5f49b92079f7526fa17b50b990b7a770a513e:922c64590222798bb761d5b6d8e72950