id: aem-security-users info: name: Adobe AEM Security Users Exposure author: dhiyaneshDk severity: medium reference: - https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt metadata: max-request: 1 shodan-query: - http.title:"AEM Sign In" - http.component:"Adobe Experience Manager" tags: misconfig,aem,adobe,exposure http: - method: GET path: - "{{BaseURL}}/libs/granite/security/content/useradmin.html" matchers-condition: and matchers: - type: word words: - 'AEM Security | Users' - 'trackingelement="create user"' condition: and - type: word part: header words: - text/html - type: status status: - 200