漏洞描述
Adobe AEM Explorer NodeTypes is exposed.
aem-explorer-nodetypes: Adobe AEM Explorer NodeTypes Exposure
PoC代码[已公开]
id: aem-explorer-nodetypes
info:
name: Adobe AEM Explorer NodeTypes Exposure
author: dhiyaneshDk
severity: high
description: Adobe AEM Explorer NodeTypes is exposed.
reference:
- https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt
classification:
cpe: cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: adobe
product: experience_manager_cloud_service
shodan-query:
- http.title:"AEM Sign In"
- http.component:"Adobe Experience Manager"
tags: misconfig,aem,adobe,exposure,vuln
http:
- method: GET
path:
- "{{BaseURL}}/crx/explorer/nodetypes/index.jsp"
matchers-condition: and
matchers:
- type: word
words:
- 'nodetypeadmin'
- 'Registered Node Types'
condition: and
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a00473045022100e4ecdb1a45d78f8e340e37b82ee4440a62b472ecd68e0d5b34ddf980312fb191022059faca8af5b1b5cd9f739684bc5fa81d7d70303862de95d8f0a9f62ba4e427dc:922c64590222798bb761d5b6d8e72950