id: aem-misc-admin

info:
  name: Adobe AEM Misc Admin Dashboard Exposure
  author: dhiyaneshDk
  severity: high
  description: Adobe AEM Misc Admin Dashboard is exposed.
  reference:
    - https://raw.githubusercontent.com/danielmiessler/SecLists/master/Discovery/Web-Content/aem2.txt
  metadata:
    verified: true
    max-request: 9
    shodan-query:
      - http.title:"AEM Sign In"
      - http.component:"Adobe Experience Manager"
  tags: misconfig,aem,adobe,exposure

http:
  - method: GET
    path:
      - "{{BaseURL}}{{paths}}"
    payloads:
      paths:
        - "/miscadmin"
        - "/mcmadmin#/content/dashboard"
        - "/miscadmin#/etc/mobile"
        - "/miscadmin#/etc/segmentation"
        - "/miscadmin#/etc/blueprints"
        - "/miscadmin#/etc/designs"
        - "/miscadmin#/etc/importers"
        - "/miscadmin#/etc/reports"
        - "/miscadmin#/etc/msm/rolloutconfigs"

    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '<title>AEM Tools</title>'
          - '<title>AEM MCM</title>'
        condition: or

      - type: word
        part: header
        words:
          - text/html

      - type: status
        status:
          - 200
# digest: 4a0a004730450220063fe127651bb53bf854c775c4842f32f9c9f120d53cbae1b564cb49d6344a96022100ee82e6175bba77939ffd29d83b1886d303e5955a0823d7d99186228ad47483f3:922c64590222798bb761d5b6d8e72950