YouTube

AEM Hacker - Approaching Adobe Experience Manager Webapps in Bug Bounty Programs

Bugcrowd via YouTube

Overview

Explore a comprehensive methodology for approaching Adobe Experience Manager (AEM) webapps in bug bounty programs during this 49-minute conference talk by Mikhail Egorov. Dive into misconfiguration issues, product vulnerabilities, and newly discovered security flaws in AEM. Learn about the "AEM hacker" automation tool for vulnerability discovery, and gain insights into bypassing AEM Dispatcher, exploiting RCE vulnerabilities, and extracting secrets from JCR. Discover techniques for persistent XSS attacks, leveraging various servlets, and exploiting SSRF and XXE vulnerabilities in AEM deployments. Enhance your bug hunting skills and understand the security implications of this popular enterprise-grade CMS used by high-profile companies.

Syllabus

Intro
Why this talk?
Topics to discuss
Public VDPs with AEM targets in scope
Personal achievements in 2018
Previous works
AEM architecture
Common AEM deployment
AEM Dispatcher bypasses
Using CVE-2016-0957
Bypasses for "interesting" servlets
Add multiple slashes
Using SSRF
AEM RCE bundle, build yourself (for AEM 6.0 or newer)
AEM hacker toolset
aem_hacker.py - checks 1/3
aem_discoverer.py
aem_enum.py
aem_ssrf2rce.py & aem_server.py
RCE via exposed Groovy console
RCE via ACS AEM Tools
How to get valid creds?
RCE via credentials of privileged user
RCE via uploading OSGI bundle
Author user
Non-privileged user
Tricks to get persistent XSS
Anonymous user & SVG
Anonymous user & HTML prop
Anonymous user & upload file
Extracting secrets from JCR
Why is it possible?
What to use
DefaultGetServlet - How to grab
DefaultGetServlet - What to grab
DefaultGetServlet - In the wild
QueryBuilder servlets
QueryBuilder - In the wild
Opensocial (Shindig) proxy
Reporting Services ProxyServlet
Salesforce SecretServlet
SiteCatalystServlet
Auto ProvisioningServlet
SSRF RCE
ExternalJobPostServlet
XXE via WebDAV
Check WebDAV support
Vectors
Video Player.swf
WCMDebugFilter
SuggestionHandlerServlet
Conclusion

Taught by

Bugcrowd
