Liferay 6.0.x - WebDAV File Reading

EDB-ID:

18763

CVE:


EDB Verified:

Author:

Jelmer Kuperus

Type:

remote

Exploit:   /  

Platform:

Multiple

Date:

2012-04-22

Vulnerable App: 
Specially crafted webdav request allows reading of local files on liferay 6.0.x

Description:

Liferay Portal is an enterprise portal written in Java

By creating a specially crafted webdav request that contains an
external entity it is possible to read files from a liferay server.
and echo these back in the response. You could use this for instance
to download configuration files containing database passwords or ssh
keys located in a users home folder

Proof of concept:

Code demonstrating the vulnerability can be found at

https://github.com/jelmerk/LPS-24562-proof
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/18763.tar.gz

Systems affected:

Liferay 6.0.5 ce is confirmed to be vulnerable
Liferay 6.0.6 ce is confirmed to be vulnerable

Vendor status :

Liferay was notified januari 2 2012 by filing a bug in their public
bugtracker under issue number LPS-24562. The issue has since been
flagged as private and has been resolved.
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services