WebApp Sec mailing list archives
Persistent xss liferay enterprise cms
From: Tim Schughart <tim.schughart () icloud com>
Date: Wed, 07 Oct 2015 07:58:50 +0200
Hey guys, during a penatrationtest I have found an unknown persistent xss in liferay portal backend. Liferay is already informed. ################## #General Information# ################## Manufacture description: Liferay Portal is an enterprise-web-platform for the development of business solutions, which provides quick results and long-term values. ######## #Details# ######## · Product: Liferay Portal Enterprise Edition (6.2 EE SP13) · Affected versions : All <= 6.2 EE SP13 · Type of attack: Persistent Cross Site Scripting · Proof Of Concept: Yes, 6.2 EE SP13 · Authentication required: Yes · Reason: Missing input validation · Impact: Injection of malicious JavaScript code ###### #PoC# ###### You have to be authenticated in the administrator backend. Here you have to browse to the control center: - In configuration click on portal settings - Select authentication - Select ldap - select add server - input following code in server name Value for ldap server name field: Name_of_ldap_server<script>alert("XSS")</script> The script is inserted to the configuration page persistent until the ldap server is deleted from database again. #Protection Set XSS Header and create Waf rule until its patched. Best regards / Mit freundlichen Grüßen Tim Schughart This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- Persistent xss liferay enterprise cms Tim Schughart (Oct 06)