id: liferay-api

info:
  name: Liferay /api/liferay - API Exposed
  author: DhiyaneshDk
  severity: info
  reference: https://github.com/ilmila/J2EEScan/blob/master/src/main/java/burp/j2ee/issues/impl/LiferayAPI.java
  metadata:
    verified: true
    max-request: 1
    shodan-query: title:"Liferay"
  tags: liferay,exposure,api,misconfig

http:
  - method: GET
    path:
      - "{{BaseURL}}/api/liferay"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - ".*Internal Server Error.*An error occurred while accessing the requested resource\\..*"

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 404

# digest: 4a0a00473045022100b6913004c4a95a7d6a50eb72b70a81e4476030fa9d5308573cd4c03de66713fc02201b1379f60747a88aa48f7c9840e21a51d35a8015ef7f0298acd5d53e5e4cde40:922c64590222798bb761d5b6d8e72950