Adobe AEM Offloading Browser

By kannthu

Medium
Vidoc Module
#misconfig #aem #adobe
Description

What is the "Adobe AEM Offloading Browser"?

The "Adobe AEM Offloading Browser" module is designed to detect misconfigurations in Adobe Experience Manager (AEM) installations. AEM is a content management system that allows organizations to create, manage, and deliver digital experiences across various channels.

This module has a medium severity level, indicating that a match can point to vulnerabilities or security weaknesses in the AEM deployment.

Author: dhiyaneshDk

Impact

This module helps identify potential misconfigurations in the "Offloading Browser" feature of Adobe Experience Manager. By detecting misconfigurations, organizations can take appropriate measures to secure their AEM installations and prevent unauthorized access or data breaches.

How does the module work?

The "Adobe AEM Offloading Browser" module works by sending a GET request to the "/libs/granite/offloading/content/view.html" path in the AEM installation. It then applies a series of matching conditions to determine if a misconfiguration is present.

Matching conditions:

- The response body must contain the words "Offloading Browser" and ">CLUSTER".
- The response headers must include the word "text/html".
- The response status code must be 200 (OK).

If all of these conditions are met, the module reports a potential misconfiguration in the AEM Offloading Browser feature.
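
The matching logic described above, as an added example (not Vidoc's or the template author's code). The names `matches` and `audit` and the sample responses are constructed for illustration, the case-sensitive substring comparison is an assumption, and `audit` is meant for an AEM instance you administer.

```python
import urllib.request

# Path and words as given on this page (second word taken from the module preview).
PATH = "/libs/granite/offloading/content/view.html"
BODY_WORDS = ("Offloading Browser", ">CLUSTER</th>")


def matches(status, headers, body):
    """True only when the status, header and body matchers all hold (AND)."""
    # Header matcher: the word "text/html" anywhere in the response headers.
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items())
    return (
        status == 200
        and "text/html" in header_blob
        and all(word in body for word in BODY_WORDS)  # every word is required
    )


def audit(base_url, timeout=10):
    """Request PATH from an AEM instance you administer and apply the matchers."""
    url = base_url.rstrip("/") + PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", errors="replace")
            return matches(resp.status, dict(resp.headers), body)
    except OSError:
        # HTTPError (401/403/404) and connection failures are OSError subclasses:
        # no 200 response means the status matcher cannot hold.
        return False


# Constructed sample responses: (status, headers, body)
SAMPLES = {
    "exposed": (200, {"Content-Type": "text/html;charset=utf-8"},
                "<title>Offloading Browser</title><th>CLUSTER</th>"),
    "login_page": (200, {"Content-Type": "text/html"},
                   "<title>AEM Sign In</title>"),
    "blocked": (404, {"Content-Type": "text/html"},
                "Offloading Browser <th>CLUSTER</th>"),
    "wrong_type": (200, {"Content-Type": "application/json"},
                   '{"t": "Offloading Browser", "h": "<th>CLUSTER</th>"}'),
    "one_word": (200, {"Content-Type": "text/html"},
                 "<title>Offloading Browser</title>"),
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(f"{name}: {'MATCH' if matches(*sample) else 'no match'}")
```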

Reference: https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt

Metadata: shodan-query: http.title:"AEM Sign In",http.component:"Adobe Experience Manager"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /libs/granite/offloa...
Matching conditions
word: Offloading Browser, >CLUSTER</th> (and)
word: text/html (and)
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability