Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "AEM QueryBuilder Internal Path Read" module is a test case designed to detect a specific vulnerability in Adobe Experience Manager (AEM) web applications. This module focuses on identifying misconfigurations related to the internal path read functionality in AEM QueryBuilder.
This module has a medium severity level, indicating that if the vulnerability is present, it could potentially lead to unauthorized access or information disclosure.
This module was authored by DhiyaneshDk.
If the vulnerability targeted by this module is present, it could allow an attacker to read internal paths within the AEM system. This could potentially expose sensitive information or provide insights into the structure and organization of the application, which could aid in further attacks.
The "AEM QueryBuilder Internal Path Read" module sends HTTP requests to the AEM server, specifically targeting the "/bin/querybuilder.json" endpoint. It includes various parameters to retrieve specific paths within the AEM system, such as "/home" and "/etc".
The module then applies matching conditions to the responses received from the server. It checks for a successful HTTP status code (200) and the presence of specific words like "jcr:path" and "success" in the response body. If all the matching conditions are met, the module reports a vulnerability.
Here is an example of an HTTP request sent by the module:
GET /bin/querybuilder.json.;%0aa.css?path=/home&p.hits=full&p.limit=-1
The matching conditions used by this module are:
- Check for a successful HTTP status code (200) - Check for the presence of the words "jcr:path" and "success" in the response bodyIf all the matching conditions are satisfied, the module identifies the vulnerability and reports it.
Reference:
Metadata:
shodan-query: http.component:"Adobe Experience Manager"