Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Adobe AEM External Link Checker Exposure

By kannthu

Informative
Vidoc logoVidoc Module
#misconfig#aem#adobe#exposure
Description

What is the "Adobe AEM External Link Checker Exposure" module?

The "Adobe AEM External Link Checker Exposure" module is designed to detect misconfigurations in Adobe Experience Manager (AEM) installations. AEM is a content management system that allows users to create, manage, and deliver digital experiences across various channels.

This module focuses on identifying potential exposure of the external link checker feature in AEM. The severity of this module is classified as informative, meaning it provides valuable information about the configuration but does not indicate a direct vulnerability.

This module was authored by dhiyaneshDk.

Impact

The impact of the "Adobe AEM External Link Checker Exposure" module is primarily informational. It helps identify potential misconfigurations in the external link checker feature of AEM, which could affect the accuracy and reliability of link checking functionality. However, it does not directly pose a security risk or vulnerability.

How does the module work?

The "Adobe AEM External Link Checker Exposure" module works by sending HTTP requests to specific paths in the AEM installation and applying matching conditions to identify misconfigurations. One example of an HTTP request sent by this module is:

GET /etc/linkchecker.html

The module uses the following matching conditions to determine if the external link checker feature is exposed:

- The response body contains the HTML title tag "<title>External Link Checker</title>". - The response header includes the content type "text/html". - The response status code is "200" (OK).

If all of these conditions are met, the module reports the potential exposure of the external link checker feature in AEM.

For more information, you can refer to the reference and the following metadata: shodan-query: http.title:"AEM Sign In",http.component:"Adobe Experience Manager".

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/etc/linkchecker.htm.../var/linkchecker.htm...
Matching conditions
word: <title>External Link Checker</title>and
word: text/htmland
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability