Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Query hashed password via QueryBuilder Servlet" module is a test case designed to detect vulnerabilities in the Adobe Experience Manager (AEM) software. It focuses on querying the hashed password using the QueryBuilder Servlet. This module has a medium severity level and was authored by DhiyaneshDk.
If this module detects a vulnerability, it indicates that the QueryBuilder Servlet in AEM may be misconfigured, allowing unauthorized access to hashed passwords. This can potentially lead to a breach of user credentials and compromise the security of the system.
The module sends an HTTP GET request to the QueryBuilder Servlet endpoint, targeting the "/bin/querybuilder.json" path. It includes specific query parameters to retrieve the full details of the "rep:authorizableId" property for users of type "rep:User".
The module then applies matching conditions to the response to determine if a vulnerability exists. It checks if the HTTP status code is 200 and if the response contains the words "\"success\":true" and "rep:password". If both conditions are met, the module reports a vulnerability.
Example HTTP request:
GET /bin/querybuilder.json.;%0aa.css?p.hits=full&property=rep:authorizableId&type=rep:User HTTP/1.1
Host: {%Hostname%}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
The module's matching conditions:
- Status code: 200 - Response contains the words "\"success\":true" and "rep:password"Note: The module is part of the Vidoc platform, which utilizes multiple modules to perform scanning and testing for various vulnerabilities, misconfigurations, and software detection.