The CVE That Will Never Die! | AEM Community Blog Seeding

Avatar

Avatar

kautuk_sahni

Community Manager

Total Posts

6.0K

Likes

1.1K

Correct Reply

1.1K

Avatar

kautuk_sahni

Community Manager

Total Posts

6.0K

Likes

1.1K

Correct Reply

1.1K
kautuk_sahni
Community Manager

16-02-2021

BlogImage.jpg

The CVE That Will Never Die! by Clark Voss

Abstract

While exploring targets lately on Synack and HackerOne, I keep coming across this old CVE, itโ€™s CVE-2016โ€“0957. For those that donโ€™t recall this little gem, it involves bypassing adobeโ€™s dispatcher. Think of the dispatcher like a web application firewall (WAF). But first I will start by explaining the Adobe Experience Manager (AEM) quick. Adobe says itโ€™s a comprehensive content management solution for building websites, mobile apps, and forms.

Adobe, Iโ€™m sure itโ€™s great! But letโ€™s learn how I spot it, whatโ€™s possible once you find it, and the tools that make all of that happen!
Letโ€™s get started!

First finding AEM, you can do a simple google search, below are some searches you can do and the results of one quick search.
What we are searching for:
Inurl:/content/dam/
inurl:/content/geometrixx/
inurl:/etc.clientlibs
inurl: /libs/cq/security/userinfo.json

Then look for targets that have a bug bounty on HackerOne or BugCrowd for instance. Once you find targets explore the HTML on the main page looking for references to etc.clientlibs, content, or dam. These are dead giveaways the site is using AEM, an example below.

I should mention if you think only small sites have this issue, even bigger sites can slightly misconfigure AEM, exposing information.
If your search doesnโ€™t turn up good candidates, you can also go to https://chaos.projectdiscovery.io/#/, and download lists of targets.

Once you have a list of targets you can run Nuclei against them.

If you havenโ€™t heard of Nuclei you should start using it, itโ€™s a fast-configurable targeted scanner. I will go over how I use it to find a bunch of things along with other tricks in a book Iโ€™m writing that hopefully will be released next year called โ€œThe Side Hustlers Guide to Hackingโ€.

Read Full Blog

The CVE That Will Never Die!

Q&A

Please use this thread to ask the related questions.

AEM AEMEBlogSeeding Experience Manager