adobe-experience-manager

2 articles

This article details a real-world RCE vulnerability chain on Adobe Experience Manager (AEM) 6.1, exploiting exposed Felix Console through dispatcher bypass (CVE-2016-0957), default credentials (admin/admin), and malicious OSGi bundle deployment. The author provides step-by-step methodology for gaining code execution without Java knowledge by using pre-built exploitation tools.

CVE-2016-0957 Adobe Experience Manager AEM Apache Felix Apache Sling OSGi aem_hacker.py aem-rce-bundle Mikhail Egorov 0ang3el Peter Adkins Darkarnium byq
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago

A reflected XSS vulnerability was discovered on Philips.com because Adobe Experience Manager's debug mode was left enabled in production, allowing HTML injection via the debug=layout parameter. The attack bypassed ModSecurity and the Akamai WAF by using a <body onpointerenter> tag combined with jQuery.getScript() to load external JavaScript, enabling phishing and credential theft from authenticated users.

Philips Adobe Experience Manager ModSecurity AkamaiGHost WhatWaf WhatCMS.org Aquatone Janrain Jonathan Bouman jQuery
medium.com · devanshbatham/Awesome-Bugbounty-Writeups · 20 hours ago