Skip to content
/ CVE-2020-7961-payloads Public

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS)

4 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

thelostworldFree/CVE-2020-7961-payloads

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
LifExp.java
LifExp.java
 
 
Liferay_Windows_payload.txt
Liferay_Windows_payload.txt
 
 
Liferay_linux_payload.txt
Liferay_linux_payload.txt
 
 
README.md
README.md
 
 
poc.py
poc.py
 
 

Repository files navigation

CVE-2020-7961-payloads

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS)

Step 1) Write Your payload in LifExp.java
Step 2) Compile it with javac
Step 3) make your log server (Maybe you want to use "Burp Collaborator Client")
Step 4) Run poc.py

....enjoy it ;) 😇

poc Code Writed by mzer0one 🙏
https://github.com/mzer0one/CVE-2020-7961-POC

About

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS)

Resources

Readme
Activity

Stars

4 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages