id: liferay-portal-detect

info:
  name: Liferay Portal Detection
  author: organiccrap,dwisiswant0
  severity: info
  reference: https://github.com/mzer0one/CVE-2020-7961-POC  # CVE-2020-7961: Liferay Portal Unauthenticated RCE
  tags: tech,liferay

requests:
  - method: GET
    path:
      - '{{BaseURL}}/api/jsonws'
      - '{{BaseURL}}/api/jsonws/invoke'

    matchers:
      - type: word
        words:
          - <title>json-web-services-api</title>
          - There are no services matching that phrase.
          - Unable to deserialize object
        condition: or
        part: body