
Adobe AEM Security Users Exposure

By kannthu

Severity: Medium
Vidoc Module
Tags: #misconfig #aem #adobe #exposure
Description

What is the "Adobe AEM Security Users Exposure"?

The "Adobe AEM Security Users Exposure" module is designed to detect potential security vulnerabilities in Adobe Experience Manager (AEM) installations. AEM is a content management system that allows organizations to create, manage, and deliver digital experiences across various channels.

This module focuses specifically on the exposure of user administration functionality in AEM, which can potentially lead to unauthorized access or manipulation of user accounts. The severity of this vulnerability is classified as medium.

Author: dhiyaneshDk

Impact

If the "Adobe AEM Security Users Exposure" vulnerability is present, it could allow attackers to gain unauthorized access to user accounts in the AEM system. This could lead to various security risks, such as data breaches, unauthorized modifications, or privilege escalation.

How does the module work?

The module works by sending HTTP requests to specific endpoints in the AEM system and then applying matching conditions to determine if the vulnerability exists. In this case, the module sends a GET request to the "/libs/granite/security/content/useradmin.html" endpoint.

The module uses the following matching conditions:

- The response body must contain the words "AEM Security | Users" and "trackingelement=\"create user\"" (case-sensitive).
- The response headers must include the word "text/html".
- The response status code must be 200 (OK).

If all of these conditions are met, the module will report the vulnerability.
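The three matching conditions above, re-implemented as an added example (this is not Vidoc's module code) so a defender can run the same AND logic over a response captured from their own AEM instance; the `HttpResponse` type and the sample responses are constructed for illustration:

```python
# Added example, not Vidoc's implementation: the module's matching conditions
# applied to a captured HTTP response. All sample responses are constructed.
from dataclasses import dataclass, field
from typing import Dict

AEM_USERADMIN_PATH = "/libs/granite/security/content/useradmin.html"

# Body words from the module description; both must be present, case-sensitive.
BODY_WORDS = ("AEM Security | Users", 'trackingelement="create user"')
HEADER_WORD = "text/html"
EXPECTED_STATUS = 200


@dataclass
class HttpResponse:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


def body_matches(body: str) -> bool:
    """Every body word must occur (AND), compared case-sensitively."""
    return all(word in body for word in BODY_WORDS)


def header_matches(headers: Dict[str, str]) -> bool:
    """The word 'text/html' must appear somewhere in the header block."""
    return any(HEADER_WORD in f"{name}: {value}" for name, value in headers.items())


def useradmin_exposed(resp: HttpResponse) -> bool:
    """Report only when status, header and body conditions all hold."""
    return (resp.status == EXPECTED_STATUS
            and header_matches(resp.headers)
            and body_matches(resp.body))


# Constructed: the user-admin console rendered to an unauthenticated client.
EXPOSED = HttpResponse(
    200, {"Content-Type": "text/html;charset=utf-8"},
    '<title>AEM Security | Users</title>'
    '<button trackingelement="create user">Create</button>')

# Constructed: the same path redirected to the login form (no finding).
REDIRECTED = HttpResponse(
    302, {"Location": "/libs/granite/core/content/login.html"}, "")

# Constructed: HTTP 200 on an HTML sign-in page without the console markers.
LOGIN_PAGE = HttpResponse(
    200, {"Content-Type": "text/html"}, "<title>AEM Sign In</title>")
```

Only `EXPOSED` satisfies all three conditions; a redirect to the login page or a 200 sign-in page without the console markers produces no report.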

Reference: https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt

Metadata: shodan-query: http.title:"AEM Sign In",http.component:"Adobe Experience Manager"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /libs/granite/securi...
Matching conditions
word: AEM Security | Users, trackingelement="c... and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability