exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Liferay JSON Server API Authentication https://packetstormsecurity.com/files/115242/liferayjson-bypass.txt https://packetstormsecurity.com/files/115242/liferayjson-bypass.txt https://packetstormsecurity.com/files/115242/Liferay-JSON-Server-API-Authentication.html Fri, 03 Aug 2012 15:05:35 GMT The Liferay JSON implementation does not check if a user calling a method on a serviceClass is disabled. Usually the default administrator user, test@liferay.com, is used to create a new administrator and disabled without a change to the default password, so it is possible to use it to execute JSON API calls. Versions 6.0.5 and 6.0.6 are vulnerable.

Related Files

No related files
packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close