By kannthu
The "Adobe Experience Manager Sling User Login - Detect" module is designed to detect the presence of the user login panel in Adobe Experience Manager (AEM) Sling. AEM Sling is a web framework used for building content-oriented applications in AEM. This module focuses on identifying potential misconfigurations or vulnerabilities related to the user login functionality in AEM Sling.
This module has an informative severity level, which means it provides valuable information but does not indicate a critical security issue.
This module was authored by dhiyaneshDk.
The detection of the Adobe Experience Manager Sling user login panel does not directly indicate a security vulnerability or misconfiguration. However, it can be an important step in identifying potential weaknesses in the authentication and authorization mechanisms of an AEM Sling instance. Further analysis and investigation may be required to determine the impact of the detected login panel.
The module performs HTTP requests to the "/system/sling/cqform/defaultlogin.html" path using the GET method. It then applies several matching conditions to determine if the login panel is present:
- The response body must contain the following words: "<title>Login</title>", "j_username", and "j_password".
- The response headers must include the word "text/html".
- The response status code must be 200.
If all of these conditions are met, the module considers the Adobe Experience Manager Sling user login panel to be detected.
For example, the module sends an HTTP GET request to "/system/sling/cqform/defaultlogin.html" and expects a response with a status code of 200, containing the words "<title>Login</title>", "j_username", and "j_password", and with the header "Content-Type: text/html".
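The three matching conditions can be evaluated offline against a stored response to see which one fails when a target is not flagged. This is an added example, not the module's own code: the function names and sample responses are constructed here, and case-sensitive substring matching is an assumption.

```python
# Added example: offline evaluation of the three matchers described above.
REQUEST_PATH = "/system/sling/cqform/defaultlogin.html"  # path from the page
BODY_WORDS = ("<title>Login</title>", "j_username", "j_password")
HEADER_WORD = "text/html"


def evaluate_matchers(status, headers, body):
    """Return the result of each matcher for one HTTP response.

    headers: dict of header name -> value; body: decoded response text.
    Assumption: words are matched as case-sensitive substrings.
    """
    # The header matcher searches the whole header block, not one field.
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items())
    return {
        "body_words": all(word in body for word in BODY_WORDS),
        "header_word": HEADER_WORD in header_blob,
        "status_200": status == 200,
    }


def login_panel_detected(status, headers, body):
    """The panel counts as detected only when every matcher passes."""
    return all(evaluate_matchers(status, headers, body).values())


# Constructed sample responses (not captured from a real server).
SAMPLE_LOGIN = (200, {"Content-Type": "text/html; charset=utf-8"},
                "<html><head><title>Login</title></head><body><form>"
                "<input name='j_username'>"
                "<input name='j_password' type='password'></form></body></html>")
# All three words present, but served as JSON: header matcher fails.
SAMPLE_JSON = (200, {"Content-Type": "application/json"},
               '{"t": "<title>Login</title>", "f": ["j_username", "j_password"]}')
# A different login page: only one of the three body words is present.
SAMPLE_OTHER_LOGIN = (200, {"Content-Type": "text/html"},
                      "<title>Login</title><input name='user'>")
# Path blocked or absent: status matcher fails.
SAMPLE_404 = (404, {"Content-Type": "text/html"}, "<title>Not Found</title>")

if __name__ == "__main__":
    for name, resp in [("login", SAMPLE_LOGIN), ("json", SAMPLE_JSON),
                       ("other", SAMPLE_OTHER_LOGIN), ("404", SAMPLE_404)]:
        print(name, login_panel_detected(*resp), evaluate_matchers(*resp))
```

The per-matcher dictionary is useful when verifying a mitigation: after the path is blocked at the dispatcher or proxy, the `status_200` entry should turn false.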
It's important to note that this module only detects the presence of the login panel and does not perform any further actions or exploit any vulnerabilities.