Automate Recon and scanning process with Vidoc. All security teams in one place
By kannthu
The "Query JCR role via QueryBuilder Servlet" module is a test case designed to detect misconfigurations or vulnerabilities in the Adobe Experience Manager (AEM) software. It targets the JCR (Java Content Repository) role by querying the JCR via the QueryBuilder Servlet. This module has an informative severity level and was authored by DhiyaneshDk.
This module aims to identify potential security issues related to the JCR role in AEM. If misconfigurations or vulnerabilities are found, unauthorized access or manipulation of sensitive data may be possible.
The module sends an HTTP request to the QueryBuilder Servlet, using the GET method and specific parameters. Here is an example of the request:
GET /bin/querybuilder.json.;%0aa.css?p.hits=full&property=rep:authorizableId&type=rep:User HTTP/1.1
Host: {%Hostname%}
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
The module then applies matching conditions to the response to determine if the JCR role is accessible. The matching conditions include:
- The HTTP response status must be 200. - The response body must contain the words "success":true and "jcr:uuid".If all matching conditions are met, the module reports a potential vulnerability or misconfiguration related to the JCR role in AEM.