Liferay Portal Vulnerability


A critical JSON deserialization vulnerability, tracked as CVE-2020-7961, has recently been identified in Liferay Portal versions 6.1, 6.2, 7.0, 7.1 and 7.2. The flaw allows an unauthenticated remote attacker to execute arbitrary code on the server through the JSON web services API (/api/jsonws).

Liferay Portal is a widely used open-source enterprise portal written in Java.

The issue has been patched in the following versions of Liferay Portal:

  • 6.2 GA6
  • 7.0 GA7
  • 7.1 GA4
  • 7.2 GA2

The vulnerable deserialization paths are:

In Liferay Portal 6.1 and 6.2, the Flexjson library is used to serialize and deserialize JSON web service parameters. Flexjson's JSONDeserializer supports object binding: it instantiates the class named by a "class" member in the JSON data, using that class's parameterless constructor, and then calls a setter for each remaining member. Because the class name comes straight from the request, an unauthenticated caller can instantiate arbitrary classes on the server's classpath and invoke arbitrary setter methods on them.
In Liferay Portal 7.0 to 7.2, the Jodd Json library replaced Flexjson. Jodd does not honour a class name embedded in the JSON data; only the root object type can be specified, and it must be supplied explicitly as a java.lang.Class instance by the calling code. Liferay's JSONWebServiceActionParametersMap, however, lets the request itself choose that root type: a parameter named +name:fully.qualified.ClassName tells the map to deserialize the value into the named class, so the same primitive of creating arbitrary classes and calling arbitrary setters is reachable in 7.x as well.
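The two request shapes described above are easy to recognise on the wire, which makes them a practical detection point (a WAF rule, a proxy filter or a log scan) while patches are rolled out. The following Python is an added example written for this page, not code from Liferay or cert.ir: it parses a request to /api/jsonws and flags any parameter that names a class through the 7.x "+name:Class" syntax or through a "class" member inside a JSON value (the 6.x Flexjson vector). The endpoint paths, the class name com.example.SomeBean and the allowlist are constructed for illustration; a real deployment derives the allowlist from its own service signatures.

```python
"""Detect class-selecting parameters in Liferay JSON web service requests.

Added example for this page (not Liferay's or cert.ir's code). The sample
requests below are constructed, not captured traffic.
"""
import json
from urllib.parse import parse_qsl, urlencode, urlsplit

# Hypothetical allowlist of types a service may legitimately bind into.
ALLOWED_CLASSES = {
    "java.lang.String", "java.lang.Long", "java.lang.Integer",
    "java.lang.Boolean", "java.util.Map", "java.util.List",
}


def _class_keys(node):
    """Yield the value of every "class" member found anywhere in a parsed JSON
    tree. Flexjson (Liferay 6.1/6.2) honours such a member at any nesting level
    when binding, so nested objects are walked too."""
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "class" and isinstance(value, str):
                yield value
            yield from _class_keys(value)
    elif isinstance(node, list):
        for item in node:
            yield from _class_keys(item)


def inspect_parameters(params):
    """Return findings for one request's (name, value) parameter pairs.

    Vector 1 (Liferay 7.x): a parameter named "+name:fully.qualified.Class"
    asks JSONWebServiceActionParametersMap to deserialize the value into that
    class.  Vector 2 (Liferay 6.x): a JSON value carrying a "class" member
    tells Flexjson which class to instantiate and populate via its setters.
    """
    findings = []
    for name, value in params:
        param = name
        if name.startswith("+") and ":" in name:
            param, cls = name[1:].split(":", 1)
            if cls not in ALLOWED_CLASSES:
                findings.append(("typed-parameter", param, cls))
        try:
            parsed = json.loads(value)
        except (ValueError, TypeError):
            continue  # plain string/number parameter, nothing to bind
        for cls in _class_keys(parsed):
            if cls not in ALLOWED_CLASSES:
                findings.append(("class-member", param, cls))
    return findings


def inspect_request(method, target, body=""):
    """Combine query-string and form-body parameters of a /api/jsonws request.
    Note that a literal '+' in a parameter name arrives URL-encoded as %2B;
    parse_qsl decodes it back to '+'."""
    parts = urlsplit(target)
    if not parts.path.startswith("/api/jsonws"):
        return []
    params = parse_qsl(parts.query, keep_blank_values=True)
    if method.upper() == "POST" and body:
        params += parse_qsl(body, keep_blank_values=True)
    return inspect_parameters(params)


def sample_requests():
    """Constructed sample requests (method, target, body); paths are hypothetical."""
    return [
        # Benign call: only primitive parameters.
        ("POST", "/api/jsonws/example/get-thing",
         urlencode({"companyId": "20101", "emailAddress": "a@example.com"})),
        # Liferay 7.x style: the caller names the class for a parameter.
        ("POST", "/api/jsonws/example/add-thing",
         urlencode({"name": "x", "+data:com.example.SomeBean":
                    json.dumps({"setting": "value"})})),
        # Liferay 6.x style: a JSON value with a "class" member.
        ("POST", "/api/jsonws/example/add-thing",
         urlencode({"name": "x", "data":
                    json.dumps({"class": "com.example.SomeBean", "setting": "value"})})),
    ]


if __name__ == "__main__":
    for req in sample_requests():
        print(req[1], inspect_request(*req))
```

Any finding here is worth an alert on an unpatched instance: legitimate JSON web service clients have no reason to name arbitrary server-side classes, and an allowed-type hit on a patched build still deserves review because the request shape is identical to the exploit's.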

Exploit

A proof-of-concept exploit for this vulnerability has been published and is available at the link below.

https://github.com/mzer0one/CVE-2020-7961-POC

Narrated by: cert.ir


Tags: CVE-2020-7961, liferay
