diff --git a/misconfiguration/aem/aem-osgi-bundles.yaml b/misconfiguration/aem/aem-osgi-bundles.yaml
new file mode 100644
index 0000000000..a8171ba858
--- /dev/null
+++ b/misconfiguration/aem/aem-osgi-bundles.yaml
@@ -0,0 +1,30 @@
+id: aem-osgi-bundles
+
+info:
+ name: Adobe AEM Installed OSGI Bundles
+ author: dhiyaneshDk
+ severity: low
+ reference:
+ - https://www.slideshare.net/0ang3el/hacking-aem-sites
+ metadata:
+ shodan-query:
+ - http.title:"AEM Sign In"
+ - http.component:"Adobe Experience Manager"
+ tags: misconfig,aem,adobe
+
+requests:
+ - method: GET
+ path:
+ - "{{BaseURL}}/bin.tidy.infinity.json"
+
+ matchers-condition: and
+ matchers:
+ - type: word
+ words:
+ - '"jcr:primaryType":'
+ - '"jcr:uuid":'
+ condition: and
+
+ - type: status
+ status:
+ - 200
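Review bot: The `info` block has no `description`, and the name ("Installed OSGI Bundles") does not obviously match what the request checks: the template fetches `/bin.tidy.infinity.json` and matches JCR properties (`"jcr:primaryType":`, `"jcr:uuid":`). Someone triaging a hit cannot tell from the template what was exposed or what to fix. I would add something like `description: The AEM instance returns JCR node properties for /bin.tidy.infinity.json without authentication.` and confirm the name and id reflect that. Separately, the word matcher relies on the default part and nothing pins the response to JSON, so a 200 page that merely echoes those two strings would also match. A third matcher with `part: header` on `application/json` would cut that false-positive risk.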