id: liferay-portal-detect info: name: Liferay Portal Detection author: organiccrap & dwisiswant0 severity: info # CVE-2020-7961: Liferay Portal Unauthenticated RCE # https://github.com/mzer0one/CVE-2020-7961-POC requests: - method: GET path: - '{{BaseURL}}/api/jsonws' - '{{BaseURL}}:8080/api/jsonws' - '{{BaseURL}}/api/jsonws/invoke' - '{{BaseURL}}:8080/api/jsonws/invoke' headers: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:55.0) Gecko/20100101 Firefox/55 matchers: - type: word words: -