PUBLIC - Liferay Portal Community Edition / LPS-61517

Redirect vulnerability in Liferay out of box search portlet

    Details

    • Fix Priority:
      2

      Description

      Please follow these steps to reproduce the issue in Liferay 6.1.2 CE & EE editions.

      1) Go to control panel and add document & media (Basic document). Please create a simple text file with content "Test Testing for redirection vulnerability" and add it. See attached.
      2) Provide title as "Test Redirect"
      3) Provide description as "Test Redirect" and click on publish
      4) Go to any public page and add the Liferay out of box search portlet (p_p_id=3) (From Admin Tool bar -> Add -> More... -> Tools -> Search)
      5) Search for word "Test"
      6) The document added above will show in search results on the right hand side
      7) Hover mouse over the link, right click and copy the URL
      8) Paste this in the text editor and it will look like below

      http://localhost:8080/c/document_library/find_file_entry?p_l_id=10183&noSuchEntryRedirect=http%3A%2F%2Flocalhost%3A8080%2Fweb%2Fdefault%2Fhome%3Fp_p_auth%3DsmeBxkx6%26p_p_id%3D101%26p_p_lifecycle%3D0%26p_p_state%3Dmaximized%26p_p_mode%3Dview%26_101_struts_action%3D%252Fasset_publisher%252Fview_content%26_101_assetEntryId%3D58617%26_101_type%3Ddocument%26redirect%3Dhttp%253A%252F%252Flocalhost%253A8080%252Fweb%252Fdefault%252Fhome%253Fp_p_id%253D3%2526p_p_lifecycle%253D0%2526p_p_state%253Dmaximized%2526p_p_mode%253Dview%2526_3_groupId%253D0%2526_3_keywords%253Dtest%2526_3_struts_action%253D%25252Fsearch%25252Fsearch%2526_3_redirect%253D%25252Fhome&fileEntryId=58615&redirect=http%3A%2F%2Flocalhost%3A8080%2Fweb%2Fdefault%2Fhome%3Fp_p_id%3D3%26p_p_lifecycle%3D0%26p_p_state%3Dmaximized%26p_p_mode%3Dview%26_3_groupId%3D0%26_3_keywords%3Dtest%26_3_struts_action%3D%252Fsearch%252Fsearch%26_3_redirect%3D%252Fhome

      9) Now look for the noSuchEntryRedirect parameter and change the value from localhost to www.google.com and paste it in the URL window

      10) Liferay will now redirect this to google.com

      Even though we set the below properties in portal-ext.properties, it is still redirecting to google.com

      redirect.url.security.mode=domain
      redirect.url.domains.allowed=localhost

        Attachments

        1. Liferay_Search_Results.png (42 kB)
        2. reproduced.png (37 kB)
        3. Test Redirect.txt (0.0 kB)

              People

              Assignee: support-lep@liferay.com SE Support
              Reporter: ravikuwi Ravi Gurram
              Recent user: Esther Sanz
              Votes: 3
              Watchers: 1

                Dates

                Created:
                Updated:
                Days since last comment:
                6 years, 3 weeks, 5 days ago
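
Added example, not part of the original report and not Liferay's code: a Python check that walks every query parameter of a URL shaped like the one in step 8, at every level of nested encoding, and flags any value that is an absolute URL to a host outside the allowed domains. `offsite_redirects` and `build_sample` are hypothetical names, `ALLOWED_DOMAINS` is assumed to mirror the reporter's `redirect.url.domains.allowed=localhost`, and the sample URL is a constructed, shortened form of the reported one.

```python
from urllib.parse import urlsplit, parse_qsl, urlencode

# Assumption: mirrors redirect.url.domains.allowed=localhost from the report.
ALLOWED_DOMAINS = {"localhost"}

def offsite_redirects(url, allowed=ALLOWED_DOMAINS, _path="", _depth=0):
    """Return [(parameter path, host)] for every query parameter, at any nesting
    level, whose value is an absolute URL pointing at a host outside `allowed`."""
    findings = []
    if _depth > 8:  # bound recursion on deeply nested input
        return findings
    # parse_qsl undoes one layer of percent-encoding per nesting level.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        path = f"{_path}>{name}" if _path else name
        try:
            target = urlsplit(value.strip())
        except ValueError:  # e.g. malformed IPv6 literal: report, do not trust
            findings.append((path, "<unparseable>"))
            continue
        # Absolute (http://host/...) and protocol-relative (//host/...) values
        # both carry a network location; relative paths such as /home do not.
        if target.netloc:
            host = (target.hostname or "").lower()
            if host not in allowed:
                findings.append((path, host))
        if target.query:  # the value is itself a URL with parameters: descend
            findings.extend(offsite_redirects(value, allowed, path, _depth + 1))
    return findings

def build_sample(no_such_entry_host):
    """Constructed sample with the same parameter layout as the reported URL."""
    search = "http://localhost:8080/web/default/home?" + urlencode(
        {"p_p_id": "3", "_3_keywords": "test", "_3_redirect": "/home"})
    inner = f"http://{no_such_entry_host}/web/default/home?" + urlencode(
        {"p_p_id": "101", "redirect": search})
    return "http://localhost:8080/c/document_library/find_file_entry?" + urlencode(
        {"p_l_id": "10183", "noSuchEntryRedirect": inner,
         "fileEntryId": "58615", "redirect": search})

if __name__ == "__main__":
    for host in ("localhost:8080", "www.google.com"):
        print(host, "->", offsite_redirects(build_sample(host)))
```

The point for a reviewer is that the allow-list check has to cover every parameter the portal will redirect to, `noSuchEntryRedirect` included, not only the one named `redirect`.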
