CVE-2016-0957 PoC: Adobe Experience Manager Dispatcher Security Vulnerability

Associated Vulnerability
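Title: Adobe Experience Manager Dispatcher Security Vulnerability (CVE-2016-0957)
Description: Adobe Experience Manager (AEM) is a content management solution from Adobe (USA) for building websites, mobile applications and forms. It supports mobile content management, marketing and sales campaign management, multi-site management and more. Dispatcher is the component that provides caching and load balancing for AEM. The AEM Dispatcher contains a security vulnerability caused by the program not implementing URL filters correctly. A remote attacker can exploit this vulnerability to bypass dispatcher rules. The following versions are affected: AEM 5.6.1, 6.0.0, 6.1.0, Dispatcher 4.1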
Readme
![image](https://github.com/user-attachments/assets/8c25f3a1-7e0e-4ad8-803e-cfc50caf7e84)

Use these payloads to bypass AEM 403/404 with the help of CVE-2016-0957.

As an example, a .json path was 404. But with the help of these payloads, I found that it exists.
![image](https://github.com/user-attachments/assets/9f537549-5fe0-4fe8-9c43-7d9f61df5572)


# You can add extensions like this too:
/bin/querybuilder.json => /bin/querybuilder.json.gif

/bin/querybuilder.json => /bin/querybuilder.json.css

And this will bypass dispatcher :)
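
For defenders, the stacked-extension pattern shown above can be searched for in dispatcher or web server access logs. The following is an added example, not part of the original README or repository; the log lines are constructed, and the extension sets and function names are assumptions to adapt to your own filter rules.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumption: extensions a dispatcher filter typically lets through as static content.
STATIC_EXTS = {"gif", "css", "js", "png", "ico", "jpg", "jpeg"}
# Assumption: extensions that select a data-rendering servlet on the AEM side.
DATA_EXTS = {"json", "xml"}

# Common/combined log format: ip ... "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def stacked_extension(target):
    """Return (data_ext, static_ext) when the last path segment looks like
    name.<data>.<static>, e.g. querybuilder.json.css; otherwise None."""
    path = unquote(urlsplit(target).path).lower()
    parts = path.rsplit("/", 1)[-1].split(".")
    if len(parts) >= 3 and parts[-2] in DATA_EXTS and parts[-1] in STATIC_EXTS:
        return parts[-2], parts[-1]
    return None

def scan(lines):
    """Return one finding per log line whose request path stacks a static
    extension on a data extension. 'served' is True for non-error responses,
    i.e. the request was not stopped by the filter."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        if stacked_extension(m["target"]):
            status = int(m["status"])
            findings.append({"ip": m["ip"], "target": m["target"],
                             "status": status, "served": status < 400})
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /bin/querybuilder.json HTTP/1.1" 404 196',
    '203.0.113.7 - - [01/Jan/2025:10:00:02 +0000] "GET /bin/querybuilder.json.css?path=/content HTTP/1.1" 200 5120',
    '198.51.100.4 - - [01/Jan/2025:10:00:05 +0000] "GET /etc/designs/site/main.css HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Jan/2025:10:00:09 +0000] "GET /bin/querybuilder.json.gif HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

A finding with `served` set to True on a path the dispatcher is supposed to deny indicates the filter is not matching the stacked extension and should be reviewed alongside the Dispatcher version.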
File Snapshot

[4.0K] /data/pocs/bc0ecbf0a0fed76ca224d7b3918389039df0f2c4
├── [1.3K] payloads.txt
└── [ 531] README.md

0 directories, 2 files