Details

    Description

      Steps to reproduce:

      1. Visit the following malicious URL
        1. http://localhost:8080/group/control_panel/manage?p_p_id=132&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_132_struts_action=%2Fplugins_admin%2Fedit_plugin&_132_pluginId=116&_132_pluginType=portlet&_132_title=Activities&_132_moduleId=%3Cscript%3Ealert(%22xss%22);%3C/script%3E
        2. http://localhost:8080/group/control_panel/manage?p_p_id=132&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_132_struts_action=%2Fplugins_admin%2Fedit_plugin&_132_pluginId=116&_132_pluginType=portlet&_132_title=Activities&_132_moduleId=%3Cscript%3Ealert(%22xss%22);%3C/script%3E&_2_backURL=%22%3E%3Cscript%3Ealert%28%27xss%27%29;%3C/script%3E
        3. http://localhost:8080/group/control_panel/manage?p_p_id=132&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_132_struts_action=%2Fplugins_admin%2Fedit_plugin&_132_pluginId=116&_132_pluginType=portlet&_132_title=Activities&_132_moduleId=%3Cscript%3Ealert(%22xss%22);%3C/script%3E&_2_backURL=alert%28%27xss%27%29

      Expected Result: This portlet could not be found. Please redeploy it or remove it from the page. message displays and no error throws.

      Actual Result: This portlet could not be found. Please redeploy it or remove it from the page. message dislays but NPE throws and details as following

      2019-08-01 03:09:15.516 ERROR [http-nio-8080-exec-2][IncludeTag:128] Current URL /group/control_panel/manage?p_p_id=132&p_p_lifecycle=0&p_p_state=maximized&p_p_mode=view&_132_struts_action=%2Fplugins_admin%2Fedit_plugin&_132_pluginId=116&_132_pluginType=portlet&_132_title=Activities&_132_moduleId=%3Cscript%3Ealert(%22xss%22);%3C/script%3E&_2_backURL=%22%3E%3Cscript%3Ealert%28%27xss%27%29;%3C/script%3E generates exception: null
      java.lang.NullPointerException
              at com.liferay.portal.model.impl.PortletImpl.getControlPanelEntryInstance(PortletImpl.java:772)
              at com.liferay.portal.service.permission.PortletPermissionImpl.hasControlPanelAccessPermission(PortletPermissionImpl.java:538)
              at com.liferay.portal.kernel.service.permission.PortletPermissionUtil.hasControlPanelAccessPermission(PortletPermissionUtil.java:311)
              at com.liferay.layout.type.controller.control.panel.internal.model.ControlPanelLayoutTypeAccessPolicy.checkAccessAllowedToPortlet(ControlPanelLayoutTypeAccessPolicy.java:58)
              at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:70)
              at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
              at com.liferay.portal.servlet.DirectRequestDispatcher.include(DirectRequestDispatcher.java:64)
              at com.liferay.portal.servlet.DirectRequestDispatcherFactoryImpl$IndirectRequestDispatcher.include(DirectRequestDispatcherFactoryImpl.java:199)
              at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.doDispatch(ClassLoaderRequestDispatcherWrapper.java:79)
              at com.liferay.portal.servlet.ClassLoaderRequestDispatcherWrapper.include(ClassLoaderRequestDispatcherWrapper.java:53)
              at com.liferay.taglib.util.IncludeTag.includePage(IncludeTag.java:398)
              at com.liferay.taglib.util.IncludeTag.include(IncludeTag.java:374)
              at com.liferay.taglib.util.IncludeTag.doInclude(IncludeTag.java:217)
              at com.liferay.taglib.util.IncludeTag.doEndTag(IncludeTag.java:88)
              at freemarker.ext.jsp.TagTransformModel$TagWriter.endEvaluation(TagTransformModel.java:400)
              at freemarker.ext.jsp.TagTransformModel$TagWriter.afterBody(TagTransformModel.java:388)
              at freemarker.core.Environment.visitAndTransform(Environment.java:427)
              at freemarker.core.UnifiedCall.accept(UnifiedCall.java:107)
              at freemarker.core.Environment.visit(Environment.java:324)
              at freemarker.core.MixedContent.accept(MixedContent.java:54)
      

      Attachments

        Issue Links

          Activity

            People

              linda.sui Linda Sui
              linda.sui Linda Sui
              Marta Elicegui Marta Elicegui
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:
                3 years, 33 weeks, 1 day ago

                Packages

                  Version Package
                  7.0.0 DXP FP87
                  7.0.10.12 DXP SP12
                  7.0.X
                  7.1.10 DXP FP13
                  7.1.X
                  7.2.10 DXP FP2
                  7.2.10.1 DXP SP1
                  7.2.1 CE GA2
                  7.2.X
                  7.3.10 DXP GA1
                  Master