id: aem-groovyconsole info: name: AEM Groovy Console Discovery author: Dheerajmadhukar severity: critical description: An Adobe Experience Manager Groovy console was discovered. This can possibly lead to remote code execution. reference: - https://hackerone.com/reports/672243 - https://twitter.com/XHackerx007/status/1435139576314671105 tags: aem,adobe requests: - method: GET path: - "{{BaseURL}}/groovyconsole" - "{{BaseURL}}/etc/groovyconsole.html" headers: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 Accept-Language: en-US,en;q=0.9,hi;q=0.8 stop-at-first-match: true matchers-condition: and matchers: - type: word words: - "Groovy Console" - "Run Script" - "Groovy Web Console" part: body condition: and - type: status status: - 200 # Enhanced by mp on 2022/04/22