漏洞描述
Adobe AEM Disk Usage Information is exposed.
aem-disk-usage: Adobe AEM Disk Usage Information Disclosure
PoC代码[已公开]
id: aem-disk-usage
info:
name: Adobe AEM Disk Usage Information Disclosure
author: dhiyaneshDk
severity: low
description: Adobe AEM Disk Usage Information is exposed.
reference:
- https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt
classification:
cpe: cpe:2.3:a:adobe:acs_aem_commons:*:*:*:*:*:*:*:*
metadata:
max-request: 2
vendor: adobe
product: acs_aem_commons
shodan-query:
- http.title:"AEM Sign In"
- http.component:"Adobe Experience Manager"
tags: misconfig,aem,adobe,exposure,vuln
http:
- method: GET
path:
- "{{BaseURL}}/etc/reports/diskusage.html"
- "{{BaseURL}}/etc/reports/diskusage.html?path=/content/dam"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
words:
- 'Disk Usage /'
- '<th>nodes</th>'
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a004730450221009cb845c7fdc1d95385ba405f87769cbf1cb0aecdfe95710198fe9098666deb42022076fc88981d19843c13c4eff7563acb290d379b87828e40ca5678cc2171b9e69d:922c64590222798bb761d5b6d8e72950