id: aem-misc-admin info: name: Adobe AEM Misc Admin Dashboard Exposure author: dhiyaneshDk severity: high description: Adobe AEM Misc Admin Dashboard is exposed. reference: - https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt metadata: verified: true max-request: 9 shodan-query: - http.title:"AEM Sign In" - http.component:"Adobe Experience Manager" tags: misconfig,aem,adobe,exposure http: - method: GET path: - "{{BaseURL}}/miscadmin" - "{{BaseURL}}/mcmadmin#/content/dashboard" - "{{BaseURL}}/miscadmin#/etc/mobile" - "{{BaseURL}}/miscadmin#/etc/segmentation" - "{{BaseURL}}/miscadmin#/etc/blueprints" - "{{BaseURL}}/miscadmin#/etc/designs" - "{{BaseURL}}/miscadmin#/etc/importers" - "{{BaseURL}}/miscadmin#/etc/reports" - "{{BaseURL}}/miscadmin#/etc/msm/rolloutconfigs" stop-at-first-match: true matchers-condition: and matchers: - type: word part: body words: - 'AEM Tools' - 'AEM MCM' condition: or - type: word part: header words: - text/html - type: status status: - 200 # digest: 4a0a00473045022100ae2c69f9102417ad5702ed9e158be718b95625f1fbffe442a6754aa8a07f8cdd02207dbd18e38f4bdc0157fdc70c1cc6bad766afe0f83d7af116d671e901e483bb79:922c64590222798bb761d5b6d8e72950