.. / CVE-2016-0957

Exploit for Adobe AEM Dispatcher <4.15 - Rules Bypass (CVE-2016-0957)

Description:

Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 does not properly implement a URL filter, which allows remote attackers to bypass dispatcher rules via unspecified vectors.

Nuclei Template

View the template here CVE-2016-0957.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2016/CVE-2016-0957.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2016-0957
https://github.com/ARPSyndicate/cvemon
https://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
https://github.com/ARPSyndicate/kenzer-templates
https://helpx.adobe.com/security/products/experience-manager/apsb16-05.html

.. / CVE-2016-0957 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Adobe AEM Dispatcher <4.15 - Rules Bypass (CVE-2016-0957)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2016-0957