AEM RCE bundle, build yourself For AEM 6.0 or newer
15. AEM hacker toolset
16. aem_hacker.py - checks 1/3
17. aem_discoverer.py
18. aem_enum.py
19. aem_ssrf2rce.py & aem_server.py
20. RCE via exposed Groovy console
21. RCE via ACS AEM Tools
22. How to get valid creds?
23. RCE via credentials of privileged user
24. RCE via uploading OSGI bundle
25. Author user
26. Non-privileged user
27. Tricks to get persistent XSS
28. Anonymous user & SVG
29. Anonymous user & HTML prop
30. Anonymous user & upload file
31. Extracting secrets from JCR
32. Why is it possible?
33. What to use
34. DefaultGetServlet - How to grab
35. DefaultGetServlet - What to grab
36. DefaultGetServlet - In the wild
37. QueryBuilder servlets
38. QueryBuilder - In the wild
39. Opensocial (Shindig) proxy
40. Reporting Services ProxyServlet
41. Salesforce SecretServlet
42. SiteCatalystServlet
43. Auto ProvisioningServlet
44. SSRF RCE
45. ExternalJobPostServlet
46. XXE via WebDAV
47. Check WebDAV support
48. Vectors
49. Video Player.swf
50. WCMDebugFilter
51. SuggestionHandlerServlet
52. Conclusion
Description:
Explore a comprehensive methodology for approaching Adobe Experience Manager (AEM) webapps in bug bounty programs during this 49-minute conference talk by Mikhail Egorov. Dive into misconfiguration issues, product vulnerabilities, and newly discovered security flaws in AEM. Learn about the "AEM hacker" automation tool for vulnerability discovery, and gain insights into bypassing AEM Dispatcher, exploiting RCE vulnerabilities, and extracting secrets from JCR. Discover techniques for persistent XSS attacks, leveraging various servlets, and exploiting SSRF and XXE vulnerabilities in AEM deployments. Enhance your bug hunting skills and understand the security implications of this popular enterprise-grade CMS used by high-profile companies.