CVE-2016-0957 PoC — Adobe Experience Manager Dispatcher 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2016/CVE-2016-0957.yaml

Associated Vulnerability

Title:Adobe Experience Manager Dispatcher 安全漏洞 (CVE-2016-0957)
Description:Adobe Experience Manager（AEM）是美国奥多比（Adobe）公司的一套可用于构建网站、移动应用程序和表单的内容管理解决方案。该方案支持移动内容管理、营销销售活动管理和多站点管理等。Dispatcher是其中的一个保持AEM缓存或者负载平衡的工具。 AEM的Dispatcher中存在安全漏洞，该漏洞源于程序没有正确实现URL过滤器。远程攻击者可利用该漏洞绕过dispatcher规则。以下版本受到影响：AEM 5.6.1版本，6.0.0版本，6.1.0版本，Dispatcher 4.1

Description

Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.

File Snapshot


 id: CVE-2016-0957

info:
  name: Adobe AEM Dispatcher <4.15 - Rules Bypass
  author: geeknik
  sever

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!