By kannthu
This module targets the AEM (Adobe Experience Manager) QueryBuilder Json Servlet, which is a part of the Adobe Experience Manager software. It is designed to detect sensitive information exposure vulnerabilities in the servlet.
Severity: Informative
The AEM QueryBuilder Json Servlet is a component of the Adobe Experience Manager (AEM) software. It is responsible for handling JSON-based queries to the AEM QueryBuilder API. This module focuses on detecting vulnerabilities related to sensitive information exposure in the servlet.
The vulnerabilities detected by this module can potentially lead to the exposure of sensitive information. This can include confidential data, user credentials, or other sensitive information stored within the AEM system.
The module works by sending HTTP requests to various endpoints associated with the AEM QueryBuilder Json Servlet. It then applies matching conditions to determine if the responses indicate the presence of vulnerabilities.
Example HTTP request:
GET /bin/querybuilder.json
The module uses the following matching conditions:
- Status: The response status code must be 200.
- Content-Type: The response must have the header "Content-Type" with the value "application/json".
- Keywords: The response body must contain the keywords "success" and "results".

If all the matching conditions are met, the module reports a potential vulnerability related to sensitive information exposure in the AEM QueryBuilder Json Servlet.
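The three matching conditions above, applied offline to captured responses so you can see which condition decides the result for your own instance. This is an added example, not the module's own code; the function names, the sample responses, and the choice to compare only the media type (ignoring parameters such as charset) are assumptions.

```python
# Added example: evaluate the page's three matching conditions on a raw response.
REQUIRED_KEYWORDS = ("success", "results")  # keywords listed on the page


def parse_response(raw: str):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    parts = status_line.split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:  # header names are case-insensitive, so normalise them
            headers[name.strip().lower()] = value.strip()
    return status, headers, body


def evaluate(raw: str) -> dict:
    """Return the outcome of each condition plus the overall match."""
    status, headers, body = parse_response(raw)
    # Assumption: compare the media type only, dropping "; charset=..." etc.
    media_type = headers.get("content-type", "").split(";")[0].strip().lower()
    checks = {
        "status": status == 200,
        "content_type": media_type == "application/json",
        "keywords": all(k in body for k in REQUIRED_KEYWORDS),
    }
    checks["match"] = all(checks.values())
    return checks


# Constructed sample responses (not captured from a real system).
EXPOSED = ("HTTP/1.1 200 OK\r\nContent-Type: application/json;charset=utf-8\r\n\r\n"
           '{"success":true,"results":0,"total":0,"hits":[]}')
BLOCKED = "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n<h1>Not Found</h1>"
# A 200 HTML page that happens to contain both keywords must not match.
HTML_200 = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
            "<p>Login success. No results to show.</p>")

if __name__ == "__main__":
    for name, raw in (("exposed", EXPOSED), ("blocked", BLOCKED), ("html", HTML_200)):
        print(name, evaluate(raw))
```

A response that fails only the Content-Type condition, like the HTML sample, shows why the keyword check alone is not enough to call the servlet reachable.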