id: aem-custom-script info: name: Adobe AEM Custom Scripts Exposure author: DhiyaneshDK severity: unknown reference: - https://www.slideshare.net/0ang3el/hacking-aem-sites metadata: shodan-query: - http.title:"AEM Sign In" - http.component:"Adobe Experience Manager" tags: misconfig,aem,adobe requests: - method: GET path: - "{{BaseURL}}/apps.tidy.infinity.json" - "{{BaseURL}}{{path}}" iterate-all: true extractors: - type: json part: body name: path json: - '.[]' internal: true stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - '"jcr:primaryType":' - '"jcr:createdBy":' condition: and - type: word part: header words: - application/json - type: status status: - 200