By kannthu
The "Adobe AEM Disk Usage Information Disclosure" module is designed to detect a specific misconfiguration vulnerability in Adobe Experience Manager (AEM). AEM is a content management system that allows users to create, manage, and deliver digital experiences across various channels.
This module focuses on the potential information disclosure of disk usage data in AEM. It scans for the presence of a specific HTML page that displays disk usage information, including the number of nodes in the system. The severity of this vulnerability is classified as low.
This module was authored by dhiyaneshDk.
If the "Adobe AEM Disk Usage Information Disclosure" vulnerability is present, an attacker may gain insights into the disk usage of the AEM system. This information can potentially be used to gather intelligence about the system's structure and content, aiding in further attacks or unauthorized access.
The module sends HTTP requests to specific paths in the AEM system, namely "/etc/reports/diskusage.html" and "/etc/reports/diskusage.html?path=/content/dam". It then applies matching conditions to determine if the vulnerability is present.
The matching conditions for this module are as follows:
- The response body must contain the phrases "Disk Usage /" and "<th>nodes</th>"
- The response headers must include the content type "text/html"
- The response status code must be 200 (OK)

If all of these conditions are met, the module reports the vulnerability.
Example HTTP request:
GET /etc/reports/diskusage.html HTTP/1.1
Host: example.com
Note: The above example is for illustrative purposes only and may not reflect the actual target system.
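The three matching conditions listed above, applied to captured responses, as an added Python example that is not the module's own code. The `Response` type, the function names and the sample responses are constructed for illustration, and treating the header name and value case-insensitively is an assumption.

```python
# Added example: evaluates the three matchers against a captured response.
from dataclasses import dataclass, field

# Both phrases come from the module description above.
BODY_MARKERS = ("Disk Usage /", "<th>nodes</th>")


@dataclass
class Response:
    """Minimal stand-in for a captured HTTP response (hypothetical type)."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""


def check_matchers(resp: Response) -> dict:
    """Return each matcher's result separately so a miss can be explained."""
    # Header names are case-insensitive; the value may carry a charset parameter.
    headers = {k.lower(): v.lower() for k, v in resp.headers.items()}
    return {
        "status_200": resp.status == 200,
        "content_type_html": "text/html" in headers.get("content-type", ""),
        "body_markers": all(m in resp.body for m in BODY_MARKERS),
    }


def is_exposed(resp: Response) -> bool:
    """All three conditions must hold (logical AND) for a finding."""
    return all(check_matchers(resp).values())


# Constructed sample responses, not captured from any real system.
EXPOSED = Response(200, {"Content-Type": "text/html;charset=UTF-8"},
    "<html><head><title>Disk Usage /content/dam</title></head><body>"
    "<table><tr><th>path</th><th>nodes</th></tr></table></body></html>")
LOGIN_PAGE = Response(200, {"content-type": "text/html"},
    "<html><title>AEM Sign In</title></html>")
BLOCKED = Response(404, {"Content-Type": "text/html"}, "Not Found")
JSON_ECHO = Response(200, {"Content-Type": "application/json"},
    '{"msg": "Disk Usage / <th>nodes</th>"}')

if __name__ == "__main__":
    for name, r in [("exposed", EXPOSED), ("login", LOGIN_PAGE),
                    ("blocked", BLOCKED), ("json", JSON_ECHO)]:
        print(name, is_exposed(r), check_matchers(r))
```

The login-page and JSON cases show why the conditions are combined: a 200 status or the body phrases alone would produce false positives.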
For more information, you can refer to the reference provided.
Metadata: shodan-query: http.title:"AEM Sign In",http.component:"Adobe Experience Manager"