Expand my Community achievements bar.

Discover Adobe Experience Manager Instances on The Internet | AEM Community Blog Seeding

Avatar

Administrator

BlogImage.jpg

Discover Adobe Experience Manager Instances on The Internet by Pura Dawid

Abstract

Knowing that someone uses a specific software can be used against the user. Sometimes, an attacker has to use sophisticated techniques to guess which software is behind the initial website. These could be 404 requests or some malformed queries to get the detailed stack trace or specific page organisation. It turns out, the number of requests required for detecting AEM equals 1. In this blog post, I will leverage that fact. Here, I present a technique for discovering Adobe Experience Manager using a regular, random web crawler.

Adobe Experience Manager Recognised Easily
AEM is a specific CMS that uses strong path organisation - including how assets, pages, and scripts are stored. In very default configuration, all pages are stored under /content..., scripts /etc.clientlibs (/etc/designs... for older versions) and assets /content/dam. Leveraging this fact, I am considering finding out which websites use this CMS available on the public Internet.

Value of Information
How can this knowledge be used? Organisations that use AEM have high credibility, visibility, and wealth. Instances are not covering the organisation’s core activity but informative websites. Even then, disruptions, like increasing the page load time, may take part in a multi-dimensional operation against the target. If the attacker knows the target is AEM upfront, it’s certainly easier to prepare a set of attacks for the website. If this is extremely easy to find out, the attacker can pick the target based on that fact.

From another perspective, AEM vendors are fighting for each perimeter of the AEM world - which is very natural in this market. Having a list of AEM websites, they can discover potential customers. I consider this a slight market advantage. The race never ends.

Existing Solution(s)
AEM Hacker is a project for discovering AEM’s vulnerabilities automatically, based on the website name. Developers and testers often use the tool to verify a website’s security. One of the scripts can discover the AEM by making special HTTP requests.

In this article, however, I would like to perform a similar discovery based on reading a designed to use response so the attacker cannot be easily discovered in this stage, making a small amount of absolutely legitimate requests.

Read Full Blog

Discover Adobe Experience Manager Instances on The Internet

Q&A

Please use this thread to ask the related questions.



Kautuk Sahni
0 Replies