Exploit for Liferay Portal < 7.2.1 CE GA2 - Unauthenticated Remote Code Execution (CVE-2020-7961)

Description:

Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS).

Nuclei Template

View the template here: CVE-2020-7961.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-7961.yaml

References:

https://portal.liferay.dev/learn/security/known-vulnerabilities/-/asset_publisher/HbL5mxmVrnXW/content/id/117954271
https://nvd.nist.gov/vuln/detail/CVE-2020-7961
http://packetstormsecurity.com/files/157254/Liferay-Portal-Java-Unmarshalling-Remote-Code-Execution.html
https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html
https://www.synacktiv.com/en/publications/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html