commit
2877624443
|
@ -3,13 +3,24 @@ info:
|
|||
author: DhiyaneshDk
|
||||
name: AEM DefaultGetServlet
|
||||
severity: low
|
||||
reference: https://speakerdeck.com/0ang3el/hunting-for-security-bugs-in-aem-webapps?slide=43
|
||||
tags: aem
|
||||
description: Sensitive information might be exposed via AEM DefaultGetServlet.
|
||||
reference:
|
||||
- https://speakerdeck.com/0ang3el/hunting-for-security-bugs-in-aem-webapps?slide=43
|
||||
- https://github.com/thomashartm/burp-aem-scanner/blob/master/src/main/java/burp/actions/dispatcher/GetServletExposed.java
|
||||
tags: aem,adobe
|
||||
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/etc'
|
||||
- '{{BaseURL}}/var'
|
||||
- '{{BaseURL}}/apps'
|
||||
- '{{BaseURL}}/home'
|
||||
- '{{BaseURL}}///etc'
|
||||
- '{{BaseURL}}///var'
|
||||
- '{{BaseURL}}///apps'
|
||||
- '{{BaseURL}}///home'
|
||||
- '{{BaseURL}}/.json'
|
||||
- '{{BaseURL}}/.1.json'
|
||||
- '{{BaseURL}}/....4.2.1....json'
|
||||
|
|
|
@ -4,15 +4,21 @@ info:
|
|||
author: DhiyaneshDk
|
||||
name: AEM Login Status
|
||||
severity: info
|
||||
reference: https://www.slideshare.net/0ang3el/hunting-for-security-bugs-in-aem-webapps-129262212
|
||||
tags: aem
|
||||
description: LoginStatusServlet is exposed, it allows to bruteforce credentials.
|
||||
reference:
|
||||
- https://www.slideshare.net/0ang3el/hunting-for-security-bugs-in-aem-webapps-129262212
|
||||
- https://github.com/thomashartm/burp-aem-scanner/blob/master/src/main/java/burp/actions/dispatcher/LoginStatusServletExposed.java
|
||||
tags: aem,adobe
|
||||
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/system/sling/loginstatus'
|
||||
- '{{BaseURL}}/system/sling/loginstatus.css'
|
||||
- '{{BaseURL}}///system///sling///loginstatus'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
|
|
|
@ -4,14 +4,26 @@ info:
|
|||
author: DhiyaneshDk
|
||||
name: AEM QueryBuilder Json Servlet
|
||||
severity: info
|
||||
reference: https://helpx.adobe.com/experience-manager/6-3/sites/developing/using/querybuilder-predicate-reference.html
|
||||
tags: aem
|
||||
description: Sensitive information might be exposed via AEMs QueryBuilderServlet or QueryBuilderFeedServlet.
|
||||
reference:
|
||||
- https://helpx.adobe.com/experience-manager/6-3/sites/developing/using/querybuilder-predicate-reference.html
|
||||
- https://github.com/thomashartm/burp-aem-scanner/blob/master/src/main/java/burp/actions/dispatcher/QueryBuilderExposed.java
|
||||
tags: aem,adobe
|
||||
|
||||
|
||||
requests:
|
||||
- method: GET
|
||||
path:
|
||||
- '{{BaseURL}}/bin/querybuilder.json'
|
||||
- '{{BaseURL}}/bin/querybuilder.json.servlet'
|
||||
- '{{BaseURL}}///bin///querybuilder.json'
|
||||
- '{{BaseURL}}///bin///querybuilder.json.servlet'
|
||||
- '{{BaseURL}}/bin/querybuilder.feed'
|
||||
- '{{BaseURL}}/bin/querybuilder.feed.servlet'
|
||||
- '{{BaseURL}}///bin///querybuilder.feed'
|
||||
- ' {{BaseURL}}///bin///querybuilder.feed.servlet'
|
||||
|
||||
stop-at-first-match: true
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: status
|
||||
|
|
Loading…
Reference in New Issue