By kannthu
The "AEM BulkEditor" module is designed to detect misconfigurations in Adobe Experience Manager (AEM) instances. AEM is a content management system that allows users to create, manage, and deliver digital experiences across various channels.
This module has an informative severity level: it reports valuable information about potential misconfigurations, and a match does not by itself indicate an immediate security threat.
This module was authored by DhiyaneshDK.
The "AEM BulkEditor" module helps identify misconfigurations in AEM instances, which can have various impacts depending on the specific misconfiguration found. These misconfigurations can potentially lead to data leaks, unauthorized access, or other security vulnerabilities.
The "AEM BulkEditor" module works by sending an HTTP GET request to the "/etc/importers/bulkeditor.html" path of the target AEM instance. It then applies matching conditions to determine if the response indicates a misconfiguration.
One of the matching conditions checks if the response body contains the HTML title tag "<title>AEM BulkEditor</title>". Additionally, it verifies that the response status code is 200 (OK).
If both matching conditions are met, the module reports a potential misconfiguration in the AEM BulkEditor.
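For teams reviewing their own AEM front end, the same request can be looked for in web access logs. The following is an added example, not part of the module or the original page: it assumes Common/Combined Log Format, and the function name and sample lines are constructed for illustration.

```python
import re

BULKEDITOR_PATH = "/etc/importers/bulkeditor.html"  # path named on this page

# Assumed format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:09:14:02 +0000] "GET /etc/importers/bulkeditor.html HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2024:09:14:03 +0000] "GET /content/site/en.html HTTP/1.1" 200 20480
198.51.100.23 - - [10/Mar/2024:11:40:51 +0000] "GET /etc/importers/bulkeditor.html?x=1 HTTP/1.1" 404 312
192.0.2.50 - - [11/Mar/2024:02:05:10 +0000] "GET /etc/importers/bulkeditor.html HTTP/1.1" 403 199
malformed line without the expected fields
"""

def audit_bulkeditor_requests(log_text):
    """Split GET requests for the BulkEditor path into served (200) and blocked.

    The log carries no response body, so a "served" entry satisfies only the
    status-code condition; confirm the title condition on the instance itself.
    """
    result = {"served": [], "blocked": []}
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue  # skip unparseable lines and other methods
        path = m["target"].split("?", 1)[0]  # ignore any query string
        if path != BULKEDITOR_PATH:
            continue
        hit = (m["client"], m["time"], int(m["status"]))
        result["served" if hit[2] == 200 else "blocked"].append(hit)
    return result

if __name__ == "__main__":
    report = audit_bulkeditor_requests(SAMPLE_LOG)
    for kind, hits in report.items():
        for client, when, status in hits:
            print(f"{kind:7} {status} {client} {when}")
```

Entries under "served" are the ones to follow up, since they show the path answering 200 to that client.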
For more information, you can refer to the module's reference: https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt
The module's metadata includes a Shodan query that can be used to search for AEM instances with specific HTTP titles and components: http.title:"AEM Sign In",http.component:"Adobe Experience Manager"