aem-acs-common: Adobe AEM ACS Common Exposure

日期: 2025-08-01 | 影响软件: Adobe AEM ACS Common | POC: 已公开

漏洞描述

Adobe AEM ACS Common pages exposed.

PoC代码[已公开]

id: aem-acs-common

info:
  name: Adobe AEM ACS Common Exposure
  author: dhiyaneshDk
  severity: medium
  description: Adobe AEM ACS Common pages exposed.
  reference:
    - https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt
  classification:
    cpe: cpe:2.3:a:adobe:acs_aem_commons:*:*:*:*:*:*:*:*
  metadata:
    max-request: 4
    vendor: adobe
    product: acs_aem_commons
    shodan-query:
      - http.title:"AEM Sign In"
      - http.component:"Adobe Experience Manager"
  tags: misconfig,aem,adobe,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/etc/acs-commons/jcr-compare.html"
      - "{{BaseURL}}/etc/acs-commons/workflow-remover.html"
      - "{{BaseURL}}/etc/acs-commons/version-compare.html"
      - "{{BaseURL}}/etc/acs-commons/oak-index-manager.html"

    stop-at-first-match: true
    matchers:
      - type: word
        part: body
        words:
          - '<title>Version Compare | ACS AEM Commons</title>'
          - '<title>Oak Index Manager | ACS AEM Commons</title>'
          - '<title>JCR Compare | ACS AEM Commons</title>'
          - '<title>Workflow Remover | ACS AEM Commons</title>'
        condition: or
# digest: 4a0a0047304502205c297a0251257ccdbd997d14a86b2f34188df57a93f37f5c8a7f2c29136d04cf022100ec8263d1f1d01a729c8e8d2a394135070a2341b541406563a9af2576ab445123:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/http/misconfiguration/aem/aem-acs-common.yaml