Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Adobe AEM Explorer NodeTypes Exposure

By kannthu

High
Vidoc logoVidoc Module
#misconfig#aem#adobe#exposure
Description

What is the Adobe AEM Explorer NodeTypes Exposure?

The Adobe AEM Explorer NodeTypes Exposure module is a vulnerability detection module designed to identify a misconfiguration vulnerability in Adobe Experience Manager (AEM). AEM is a content management system (CMS) commonly used by organizations to manage and deliver digital experiences across multiple channels.

This module focuses on detecting the exposure of the "nodetypeadmin" and "Registered Node Types" pages in the AEM Explorer. These pages provide information about the registered node types in the AEM instance.

The severity of this vulnerability is classified as high, indicating that it has the potential to cause significant harm if exploited.

Impact

If the Adobe AEM Explorer NodeTypes Exposure vulnerability is present, an attacker may gain unauthorized access to sensitive information about the registered node types in the AEM instance. This information can be leveraged to gain a deeper understanding of the system's structure and potentially exploit other vulnerabilities.

How the module works?

The module sends a GET request to the "/crx/explorer/nodetypes/index.jsp" endpoint in the AEM instance. It then applies a series of matching conditions to determine if the vulnerability is present:

- The response body must contain the words "nodetypeadmin" and "Registered Node Types". - The response headers must include the word "text/html". - The response status code must be 200 (OK).

If all of these conditions are met, the module reports the vulnerability.

It is important to note that this module does not attempt to exploit the vulnerability or perform any unauthorized actions. Its purpose is solely to detect the presence of the misconfiguration vulnerability.

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/crx/explorer/nodety...
Matching conditions
word: nodetypeadmin, Registered Node Typesand
word: text/htmland
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability