AEM BG-Servlets

By kannthu

Informative
Vidoc Module
#aem
Description

What is "AEM BG-Servlets"?

The "AEM BG-Servlets" module is a test case designed to detect misconfigurations or vulnerabilities in Adobe Experience Manager (AEM) web applications. It focuses on the BG-Servlets component of AEM. The severity of the module is informative, meaning it provides valuable insights but does not indicate a critical security issue. The original author of this module is DhiyaneshDk.

Impact

This module aims to identify potential security weaknesses or misconfigurations in the AEM BG-Servlets component. By detecting these issues, it helps organizations ensure the proper configuration and security of their AEM web applications.

How does the module work?

The "AEM BG-Servlets" module utilizes HTTP request templates and matching conditions to perform its tests. It sends a GET request to the path "/system/bgservlets/test.css" and applies two matching conditions:

- Status: The response status code must be 200.
- Word: The response body must contain the phrase "<br/>Flushing output<br/>".

If both conditions are met, the module considers the test successful, indicating a potential misconfiguration or vulnerability in the AEM BG-Servlets component.
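A defender-side companion to the check described above, as an added example that is not part of the Vidoc module: it scans web access logs for requests under the path the module probes and separates those the server answered with 200 from those it refused. The combined log format, the sample lines, and the function name `find_bgservlet_hits` are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format (not from a real system).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /system/bgservlets/test.css HTTP/1.1" 200 512 "-" "scanner"
203.0.113.7 - - [12/Mar/2024:10:01:03 +0000] "GET /system/%62gservlets/test.css HTTP/1.1" 403 199 "-" "scanner"
198.51.100.4 - - [12/Mar/2024:10:02:10 +0000] "GET /content/site/en.html HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Mar/2024:10:03:44 +0000] "GET /System/BGServlets/x.css?a=1 HTTP/1.1" 404 0 "-" "curl/8.0"
"""

# client, ident, user, [timestamp], "METHOD target PROTO", status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
PREFIX = "/system/bgservlets/"  # path prefix the module requests


def find_bgservlet_hits(log_text):
    """Return (client, path, status, verdict) for each request under PREFIX."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        client, target, status = m.group(1), m.group(3), int(m.group(4))
        # Drop the query string, then percent-decode so encoded variants match.
        path = unquote(target.split("?", 1)[0])
        # Lower-case comparison is a conservative choice: it also records
        # case variants of the probe, even if the server would not route them.
        if not path.lower().startswith(PREFIX):
            continue
        # A 200 satisfies the module's status matcher. The body matcher
        # cannot be judged from an access log, so flag the request for review.
        verdict = "served-review" if status == 200 else "not-served"
        hits.append((client, path, status, verdict))
    return hits


if __name__ == "__main__":
    for hit in find_bgservlet_hits(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Entries marked `served-review` are the ones to confirm against the response body, since only the body shows whether the "Flushing output" phrase was returned.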

Reference:

- https://www.slideshare.net/0ang3el/hunting-for-security-bugs-in-aem-webapps-129262212

Metadata:

shodan-query: http.component:"Adobe Experience Manager"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /system/bgservlets/t...
Matching conditions
status: 200 and
word: <br/>Flushing output<br/>
Passive global matcher
No matching conditions.
On match action
Report vulnerability