AEM Groovy Console Discovery

By kannthu

Critical
Vidoc Module
#aem #adobe #hackerone
Description
Author: Dheerajmadhukar

An Adobe Experience Manager Groovy console was discovered. This can possibly lead to remote code execution.

Reference
- https://hackerone.com/reports/672243
- https://twitter.com/XHackerx007/status/1435139576314671105

Metadata
shodan-query: http.component:"Adobe Experience Manager"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/groovyconsole/etc/groovyconsole.h...
Headers

Accept: text/html,applicatio...

Accept-Language: en-US,en;q=0.9,hi;q=...

Matching conditions
word: <title>Groovy Console</title>, Run Scrip... and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability