id: liferay-portal-detect info: name: Liferay Portal Detection author: organiccrap,dwisiswant0 severity: info # CVE-2020-7961: Liferay Portal Unauthenticated RCE # https://github.com/mzer0one/CVE-2020-7961-POC requests: - method: GET path: - '{{BaseURL}}/api/jsonws' - '{{BaseURL}}/api/jsonws/invoke' headers: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 matchers: - type: word words: - json-web-services-api - There are no services matching that phrase. - Unable to deserialize object condition: or part: body