[+] #BugbountyTip:

Invalidate / Flush Cached Pages From AEM - This is one of the most underrated vulnerabilities that hardly anyone knows about! I will share all details in this thread.

#Bugbounty #TogetherWeHitHarder #BugbountyTip
[+] Vulnerability Type: Improper Access Control

Some programs accept this as Low severity, most programs accept it as Medium severity, and a very few will actually accept the risk.

Max reward I earned from a single submission: $500 (multiple times)

Lowest bounty rewarded: $50
[+] Impact:

Unauthorized attackers can invalidate/flush the dispatcher cache remotely without any rate limiting. If this is done repeatedly, it can severely impact the site's performance.
[+] Solution:

This happens because the "/allowedClients" property is not defined in the dispatcher configuration of the target AEM instance.

The /allowedClients property should define the specific clients that are allowed to flush the cache (delete and/or modify/update files) on the server.
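
For defenders reviewing their own dispatcher configuration, the following added example (not from the original thread) audits the text of a dispatcher `.any` file and reports whether the first `/cache` section restricts flush requests with `/allowedClients`. The function names, verdict strings, sample configurations and the address `10.0.0.5` are constructed for illustration; the check assumes the deny-everything-then-allow-specific-clients rule layout.

```python
import re

WILDCARDS = {"*", "*.*.*.*"}  # globs that match every client address

def block_after(text, key):
    """Return the brace-delimited body that follows `key`, or None."""
    m = re.search(re.escape(key) + r"\s*\{", text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[m.end():i]
    return None  # unbalanced braces

def audit_allowed_clients(config):
    """Classify the flush restriction of the first /cache section."""
    config = re.sub(r"(?m)^\s*#.*$", "", config)  # drop comment lines
    cache = block_after(config, "/cache")
    if cache is None:
        return "no-cache-section"
    clients = block_after(cache, "/allowedClients")
    if clients is None:
        return "missing"  # the condition described in the thread
    kinds = set()  # rule types seen on wildcard globs
    for body in re.findall(r"\{([^{}]*)\}", clients):
        glob = re.search(r'/glob\s+"([^"]*)"', body)
        kind = re.search(r'/type\s+"(allow|deny)"', body)
        if glob and kind and glob.group(1) in WILDCARDS:
            kinds.add(kind.group(1))
    if "allow" in kinds:
        return "allow-all"        # any client may flush: needs review
    return "restricted" if "deny" in kinds else "no-default-deny"

# Constructed sample configurations (hypothetical paths and address).
WEAK = '/cache\n  {\n  /docroot "/var/www/html"\n  }\n'
HARDENED = '''/cache
  {
  /docroot "/var/www/html"
  # only the publish instance may send flush requests
  /allowedClients
    {
    /0001 { /glob "*" /type "deny" }
    /0002 { /glob "10.0.0.5" /type "allow" }
    }
  }
'''
```
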
Oh and you will probably find hundreds of vulnerable AEM instances out there right now :)
Including a screenshot of expected response of POC for everyone's ease here!
You can follow @AEMSecurity.