漏洞描述
Adobe AEM Misc Admin Dashboard is exposed.
aem-misc-admin: Adobe AEM Misc Admin Dashboard Exposure
PoC代码[已公开]
id: aem-misc-admin
info:
name: Adobe AEM Misc Admin Dashboard Exposure
author: dhiyaneshDk
severity: high
description: Adobe AEM Misc Admin Dashboard is exposed.
reference:
- https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt
metadata:
verified: true
max-request: 9
shodan-query:
- http.title:"AEM Sign In"
- http.component:"Adobe Experience Manager"
tags: misconfig,aem,adobe,exposure,vuln
http:
- method: GET
path:
- "{{BaseURL}}{{paths}}"
payloads:
paths:
- "/miscadmin"
- "/mcmadmin#/content/dashboard"
- "/miscadmin#/etc/mobile"
- "/miscadmin#/etc/segmentation"
- "/miscadmin#/etc/blueprints"
- "/miscadmin#/etc/designs"
- "/miscadmin#/etc/importers"
- "/miscadmin#/etc/reports"
- "/miscadmin#/etc/msm/rolloutconfigs"
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- '<title>AEM Tools</title>'
- '<title>AEM MCM</title>'
condition: or
- type: word
part: header
words:
- text/html
- type: status
status:
- 200
# digest: 4a0a00473045022100b52f9bf8edf11ca172696460f9acec567d30bd51c36c805a81985a041357df9c02204d77df08dd384ca744c1ed99ddb6556d350e8f28323b07838d33def443e2affd:922c64590222798bb761d5b6d8e72950