Posts: 79
Threads: 4
Joined: Jan 2024
Affected Versions: - Liferay Portal CE: 7.0 GA3, 7.0.1 GA2, 7.0.2 GA3
- Liferay Portal EE: 6.0, 6.0 SP1, 6.0 SP2, 6.1 GA1, 6.1 GA2, 6.1 GA3, 6.2
Bypass Technique: - Filter Bypass:
- ////api///////liferay
- ///api///////spring
- Nginx Forwarding Fails:
/#/../api/liferay
PoC Exploit Code:
Posts: 59
Threads: 6
Joined: Sep 2024
(Mar 13, 2025, 01:14 AM)darkspeed Wrote: Affected Versions:- Liferay Portal CE: 7.0 GA3, 7.0.1 GA2, 7.0.2 GA3
- Liferay Portal EE: 6.0, 6.0 SP1, 6.0 SP2, 6.1 GA1, 6.1 GA2, 6.1 GA3, 6.2
Bypass Technique:- Filter Bypass:
- ////api///////liferay
- ///api///////spring
- Nginx Forwarding Fails:
/#/../api/liferay
PoC Exploit Code: .......................
Posts: 103
Threads: 18
Joined: Nov 2023
(Mar 13, 2025, 01:14 AM)darkspeed Wrote: Affected Versions:- Liferay Portal CE: 7.0 GA3, 7.0.1 GA2, 7.0.2 GA3
- Liferay Portal EE: 6.0, 6.0 SP1, 6.0 SP2, 6.1 GA1, 6.1 GA2, 6.1 GA3, 6.2
Bypass Technique:- Filter Bypass:
- ////api///////liferay
- ///api///////spring
- Nginx Forwarding Fails:
/#/../api/liferay
PoC Exploit Code:
Thanks for sharing...will try this shit out...
Posts: 3
Threads: 0
Joined: Mar 2025
(Mar 13, 2025, 01:14 AM)darkspeed Wrote: Affected Versions:- Liferay Portal CE: 7.0 GA3, 7.0.1 GA2, 7.0.2 GA3
- Liferay Portal EE: 6.0, 6.0 SP1, 6.0 SP2, 6.1 GA1, 6.1 GA2, 6.1 GA3, 6.2
Bypass Technique:- Filter Bypass:
- ////api///////liferay
- ///api///////spring
- Nginx Forwarding Fails:
/#/../api/liferay
PoC Exploit Code:
tttttthanks for your poc
Posts: 79
Threads: 4
Joined: Jan 2024
(Mar 13, 2025, 06:17 AM)Banuk Wrote: Thanks for sharing...will try this shit out...
yeah I found a docker image for liferay 6.1, could be easy for you to build the environment
|
