Author: Dheerajmadhukar
An Adobe Experience Manager Groovy console was discovered. This can possibly lead to remote code execution.
Reference
- https://hackerone.com/reports/672243
- https://twitter.com/XHackerx007/status/1435139576314671105
Metadata
shodan-query: http.component:"Adobe Experience Manager"
Module preview
Concurrent Requests (1)
1. HTTP Request template
GET/groovyconsole/etc/groovyconsole.h...
Headers
Accept: text/html,applicatio...
Accept-Language: en-US,en;q=0.9,hi;q=...
Matching conditions
word: <title>Groovy Console</title>, Run Scrip... and