id: aem-osgi-bundles

info:
  name: Adobe AEM Installed OSGI Bundles
  author: dhiyaneshDk
  severity: low
  description: Adobe AEM Installed OSGI Bundles leaked.
  reference:
    - https://www.slideshare.net/0ang3el/hacking-aem-sites
  classification:
    cpe: cpe:2.3:a:adobe:acs_aem_commons:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: adobe
    product: acs_aem_commons
    shodan-query:
      - http.title:"AEM Sign In"
      - http.component:"Adobe Experience Manager"
  tags: misconfig,aem,adobe

http:
  - method: GET
    path:
      - "{{BaseURL}}/bin.tidy.infinity.json"

    matchers-condition: and
    matchers:
      - type: word
        words:
          - '"jcr:primaryType":'
          - '"jcr:uuid":'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502205010155594ebbf407945dc991c5e3e5f9e4a3c03ac762864185f46b2cc67ee9e02210086b02c35e49781063217fa1b747f93ce324b5062c5610ca9a8fb90ff1c156f19:922c64590222798bb761d5b6d8e72950