Because I was checking some security issues in my job, I was concerned with exploits for the Adobe AEM system.
We can find a lot of old Adobe AEM Versions out there. To find Websites using Adobe AEM, just go to google and enter:
By doing this, we will get a lot of results with Websites using Adobe AEM – also with preinstalled example content!
When I tried this search, there were over 270.000 Websites.
Most of them are vulnerable!
Default login screen
The first step for a security test is the default login screen. Her we can check whether the default usernames and passwords are being used or not.
We just try some URLs to get it on:
/system/console [Felix Web Console]
/system/admin [CQSE; servlet engine]
/crx/de/index.jsp OR /crx/ [CRX Web Console]
If we have success, what credentials should we use?
I suggest the standard credentials which works in many cases.
Default passwords for Adobe CQ installs are:
admin : admin
author : author
anonymous : anonymous
replication-receiver : replication-receiver
email@example.com : jdoe
firstname.lastname@example.org : aparker
Now we can also check for anonymous access. We check for below mentioned paths:
/etc/packages (packages stored here)
/etc/replication (encrypted transport of user passwords.)
/apps (application resides here)
Adobe AEM Version
Now we might want to find the Version which is used in several Adobe AEM instances.
Here is a Ruby script that grabs the version number of your cq instance from the welcome screen.
if ARGV.length < 3
puts "cqversion.rb username password http://YOURHOST:4502"
username = ARGV
password = ARGV
host = ARGV
uri = URI.parse(host+"/libs/cq/core/content/welcome.html")
http = Net::HTTP.new(uri.host, uri.port)
request = Net::HTTP::Get.new(uri.request_uri)
request.basic_auth username, password
response = http.request(request)
if response.code == "200"
puts /Version [0-9\.a-zA-Z ]*/.match(response.body)
puts "failed to get version number - http error code: ", response.code
Happy hacking ;-)