Liferay Login Panel - Detect
ID: liferay-portal
Severity: info
Author: organiccrap,dwisiswant0,ricardomaia
Tags: panel,liferay,portal
Description
Section titled “Description”Liferay login panel was detected,
YAML Source
Section titled “YAML Source”id: liferay-portal
info: name: Liferay Login Panel - Detect author: organiccrap,dwisiswant0,ricardomaia severity: info description: Liferay login panel was detected, reference: - https://www.liferay.com/ - https://github.com/mzer0one/CVE-2020-7961-POC classification: cvss-metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N cwe-id: CWE-200 cpe: cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:* metadata: verified: true max-request: 3 vendor: liferay product: liferay_portal shodan-query: - http.favicon.hash:129457226 - cpe:"cpe:2.3:a:liferay:liferay_portal" fofa-query: icon_hash=129457226 tags: panel,liferay,portal
http: - method: GET path: - "{{BaseURL}}" - "{{BaseURL}}/api/jsonws" - "{{BaseURL}}/api/jsonws/invoke"
matchers-condition: or stop-at-first-match: true matchers: - type: word part: header words: - "Liferay-Portal" case-insensitive: true
- type: word part: body words: - <title>json-web-services-api</title> - There are no services matching that phrase. - Unable to deserialize object condition: or
extractors: - type: regex part: header name: version group: 2 regex: - '(i?)Liferay-Portal:.*?(\d+\.?.*?)\s'# digest: 490a00463044022054297cc5bda09fdbcc1ab17478d4696157034e1a5ccf2eb1d0b530af8c16aae5022078c178d5f2ea08818547f48eb5d5d3ba9d6fc3a8080521f6d121c058a5297a96:922c64590222798bb761d5b6d8e72950Guide to check the vulnerabilities
Section titled “Guide to check the vulnerabilities”This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/exposed-panels/liferay-portal.yaml"