![]() ![]() Exposed GQLServlet - GQLServlet is similar to QueryBuilderFeedServlet.Exposed QueryBulderJsonServlet and QueryBuilderFeedServlet - if those servlets are exposed it might be possible to access various sensitive information and secrets.Exposed DefaultGetServlet - checks if JCR nodes, that might contain sensitive information and secrets, are exposed via DefaultGetServlet.Important: You need a VPS to detect SSRF vulnerabilities!įollowing checks are currently implemented: ![]() aem-rce-sling-script.sh - script to get RCE by uploading JSP shell to /apps JCR node.aem_ssrf2rce.py, aem_server.py, response.bin - scripts to get RCE from SSRF.aem_discoverer.py - script to discover AEM webapps from list of URLs.aem_hacker.py - main script to scan AEM webapp for vulnerabilities.Bughunter, you have good chances to find security bugs, enjoy the tools! You can find more details about vulnerabilities and techniques in presentations, I've prepared for Hacktivity conference and LevelUp 0x03.ĪEM webapps are widespread and rarely configured securely or kept up to date. All discovered vulnerabilities were responsibly reported to Adobe PSIRT. ![]() I've included checks for previously known vulnerabilities and misconfigurations, as well as for new ones, discovered by me in 2018/2019. I've built these tools to automate bughunting and pentesting of AEM webapps. Tools to identify vulnerable Adobe Experience Manager (AEM) webapps. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |