CVE-2020-7961

Published: 20/03/2020 Updated: 30/01/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 682
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Deserialization of Untrusted Data in Liferay Portal before 7.2.1 CE GA2 allows remote malicious users to execute arbitrary code via JSON web services (JSONWS).

Most Upvoted Vulmon Research Post

POC of Liferay Portal RCE:

Vulnerable Product

liferay liferay portal

Mailing Lists

This Metasploit module exploits a Java unmarshalling vulnerability via JSONWS in Liferay Portal versions prior to 6.2.5 GA6, 7.0.6 GA7, 7.1.3 GA4, and 7.2.1 GA2 to execute code as the Liferay user. Tested against 7.2.0 GA1 ...
Liferay Portal versions prior to 7.2.1 CE GA2 exploit that gains code execution due to deserialization of untrusted data sent to the JSON web services interface ...

Github Repositories

Exploit script for CVE-2020-7961

CVE-2020-7961 Exploit script for CVE-2020-7961. Unauthenticated remote code execution via JSONWS. References & inspirations: original blogpost: codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html; synacktiv blogpost: www.synacktiv.com/publications/how-to-exploit-liferay-cve-2020-7961-quick-journey-to-poc.html; code base #1: github.com

Credit goes to @mzer0one. CVE-2020-7961-POC: All the information provided on this site is for educational purposes only. The site and authors of the repository are in no way responsible for any misuse of the information. Liferay-Deserialize-POC: Edit the content of the LifExp.java file to suit your target OS (e.g. for Windows -> cmd.exe, for Linux -> /bin/sh) Ru

CVE-2020–7961 Mass exploit for Script Kiddies

CVE-2020-7961-Mass CVE-2020–7961 Mass exploit for Script Kiddies. Tested on: Kali Linux, Windows. Requirements: apt install python3; pip3 install requests colorama. Usage: python3 rce.py [target url] | For a single target; python3 mass.py [list url] | For a list target. Saved file to: linux.txt, win.txt. Simple Shell: python shell.py [target]. Dork: ht

Vuln Liferay scanner & Exploit

liferay-scanner Vuln Liferay scanner. Liferay scanner for CVE-2020-7961. About: Code completely ripped off from @tomnomnom - he is a hero, if you meet him buy him a bevvie!! If vuln it should add it to liferay.log. Mainly made by tomnomnom and I changed the request to look for liferay. Build: go get -u github.com/fatih/color; go build liferay.go. How to run: cat list.txt | ./lifera

CVE-2020-7961-POC: All the information provided on this site is for educational purposes only. The site and authors of the repository are in no way responsible for any misuse of the information.

Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS)

CVE-2020-7961-payloads Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS). Step 1) Write your payload in LifExp.java. Step 2) Compile it with javac. Step 3) Make your log server (maybe you want to use "Burp Collaborator Client"). Step 4) Run poc.py, enjoy it ;)

Detect vulns liferay CVE-2020-7961 by Nattroc (EOG Team)

GLiferay Detect vulns liferay CVE-2020-7961 by Nattroc (EOG Team)

POC-CVE-2020-7961-Token-iterate

POC-CVE-2020-7961-Token-iterate POC-CVE-2020-7961-Token-iterate

Inspecting Malicious Requests: I recently stood up a crude web application and my logs were capturing various requests my public IP was attracting. I had seen some such requests before but finally decided it warranted a blog post, and you can read more here. Otherwise, I'm posting this in a repository as a point of collaboration if any of my readers want to correct, inform

List of misc stuff over the internet: github.com/sxcurity/230-OOB github.com/nccgroup/featherduster github.com/ianare/exif-samples github.com/oversecured/ovaa github.com/drwetter/testssl.sh github.com/shroudedcode/apk-mitm github.com/mattias-ohlsson/eicar-standard-antivirus-test-files github.com/frohoff/ysoserialgi

Cybersecurity Web Security. The World of Web Security in Cybersecurity: A collection of Web Security materials, libraries, documents, books, resources and cool stuff about in Cybersecurity. Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources. Ensu

This Resource Pack comes with ethical hacking and unethical eBooks and other things such as programming, Anarchism to Survival books to lock picking. It also comes with a collection of Kevin Mitnick books. Most of the eBooks are the hacking for dummies, programming for dummies, etc. It also comes with books like how to build your network aka networki…

The Hacker Resource-Pack- This Resource Pack comes with ethical hacking and unethical eBooks and other things such as programming, Anarchism to Survival books to lock picking. It also comes with a collection of Kevin Mitnick books. Most of the eBooks are the hacking for dummies, programming for dummies, etc. It also comes with books like how to build your network aka networking and

Programming Hacking Resources- This Resource Pack comes with ethical hacking and unethical eBooks and other things such as programming to lock picking. It also comes with a collection of Kevin Mitnick books. Most of the eBooks are the hacking for dummies, programming for dummies, etc. It also comes with books like how to build your network aka networking and Linux books and more my

PENTESTING-BIBLE WAYBACK MACHINE FOR HACKING ARTICLES ALL THE SCREENSHOTS IS AS PDF hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources MORE THAN 2000 LINKS MORE THAN 2000 PDF FILES ABOUT DIFFERENT FIELDS OF HACKING note:most of the pdf files is different than the links which means there

PENTESTING-BIBLE Explore more than 2000 hacking articles saved over time as PDF. BROWSE HISTORY. Created By Ammar Amer (Twitter @cry__pto) Support Paypal: -1- 3 Ways Extract Password Hashes from NTDS.dit: www.hackingarticles.in/3-ways-extract-password-hashes-from-ntds-dit -2- 3 ways to Capture HTTP Password in Network PC: www.hackingarticles.in/3-ways-to-captu

A curated list of Web Security materials and resources.

Awesome Web Security: Curated list of Web Security materials and resources. Needless to say, most websites suffer from various types of bugs which may eventually lead to vulnerabilities. Why would this happen so often? There can be many factors involved including misconfiguration, shortage of engineers' security skills, etc. To combat this, here is a curated list of We

Coder-Everyday-Resource-Pack- This Resource Pack comes with ethical hacking and unethical eBooks and other things such as programming, Anarchism to Survival books to lock picking. It also comes with a collection of Kevin Mitnick books. Most of the eBooks are the hacking for dummies, programming for dummies, etc. It also comes with books like how to build your network aka networking

PENTESTING-BIBLE hundreds of ethical hacking & penetration testing & red team & cyber security & computer science resources ALMOST 2000 LINKS ALMOST 2000 PDF FILES ABOUT DIFFERENT FIELDS OF HACKING note:most of the pdf files is different than the links which means there is now almost 4000 links & pdf files Support Your generous dona

The Tech Enthusiast Resource-Pack- This Resource Pack comes with ethical hacking and unethical eBooks and other things such as programming, Anarchism to Survival books to lock picking. It also comes with a collection of Kevin Mitnick books. Most of the eBooks are the hacking for dummies, programming for dummies, etc. It also comes with books like how to build your network aka networ

Awesome Stars: A curated list of my GitHub stars! Generated by starred. Contents: AppleScript Batchfile BitBake C C# C++ CSS Dart Dockerfile Erlang Go HCL HTML Hack Java JavaScript Jupyter Notebook Kotlin Lua Makefile Objective-C Others PHP Pascal Perl PowerShell Python Raku Ruby Rust Scala Shell TypeScript Vala Visual Basic Visual Basic .NET Vue AppleScript svg/svgo-osx-fo

Middleware-Vulnerability-detection Continuously updated collection of recent, working vulnerability exploits, for use in authorized penetration testing only. 2020.4.18: two partners joined the project as co-maintainers @caizhuang @3ndz Apache --2019 Apache-flink unauthorized access, arbitrary --2019 CVE-2019-0193 Apache-Solr via Velocity template RCE --2020.3 CVE-2019-17564 Apache-Dubbo deserialization vulnerability --

Collection of CVE, CMS and middleware vulnerability detection and exploitation tools. Since 2019-9-15

Middleware-Vulnerability-detection 2020.4.18: two partners joined the project as co-maintainers @caizhuang @3ND Apache --2019 Apache-flink unauthorized access, arbitrary --2019 CVE-2019-0193 Apache Solr via Velocity template RCE --2020.3 CVE-2019-17564 Apache Dubbo deserialization vulnerability --2020.7 CVE-2020-13925 Apache Kylin remote command execution

Community curated list of template files for the nuclei engine to find security vulnerability and fingerprinting the targets.

Templates are the core of nuclei scanner which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via pull requests and grow the list. Template Directory ├── LICENSE ├── README.md ├── basic-dete

Customized templates originally pulled from `projectdiscovery/nuclei-templates`

Nuclei Templates: Templates are the core of nuclei scanner which power the actual scanning engine. This repository stores and houses various templates for the scanner provided by our team as well as contributed by the community. We hope that you also contribute by sending templates via pull requests or Github issue and grow the list. Resources Templates Documentation Contr

Kenzer Templates [1289] TEMPLATE TOOL FILE favinizer favinizer favinizer.yaml CVE-2017-5638 jaeles jaeles\cvescan\critical\CVE-2017-5638.yaml CVE-2017-6360 jaeles jaeles\cvescan\critical\CVE-2017-6360.yaml CVE-2017-6361 jaeles jaeles\cvescan\critical\CVE-2017-6361.yaml CVE-2017-9841 jaeles jaeles\cvescan\critical\CVE-2017-9841.yaml CVE-2018-16763 jaeles jaeles\

Compiled dataset of Java deserialization CVEs

Java-Deserialization-CVEs: This is a dataset of CVEs related to Java Deserialization. Since existing CVE databases do not allow for granular searches by vulnerability type and language, this list was compiled by manually searching the NIST NVD CVE database with different queries. If you notice any discrepancies, contributions are very welcome! CVE ID Year CVSS 3/3.1 risk CV

TEMPLATE TOOL FILE favinizer favinizer favinizer.yaml CVE-2017-5638 jaeles jaeles\cvescan\critical\CVE-2017-5638.yaml CVE-2017-6360 jaeles jaeles\cvescan\critical\CVE-2017-6360.yaml CVE-2017-6361 jaeles jaeles\cvescan\critical\CVE-2017-6361.yaml CVE-2017-9841 jaeles jaeles\cvescan\critical\CVE-2017-9841.yaml CVE-2018-16763 jaeles jaeles\cvescan\critical\CVE-2018-1

Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out current Contents CVE-2011-2856 CVE-2011-3243 CVE-2013-2618 CVE-2013-6632 CVE-2014-1701 CVE-2014-1705 CVE-2014-1747 CVE-2014-3176 CVE-2014-6332 CVE-2014-7927 CVE-2014-7928 CVE-2015-0072 CVE-2015-0235 CVE-2015-0240 CVE-2015-1233 CVE-2015-1242 CVE-2015-1268 CV

PoC in GitHub 2020 CVE-2020-0014: It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-1286745

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07): NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. pokerfaceSad/CVE-2021-1056 CVE-2021-

Awesome CVE PoC: A curated list of CVE PoCs. Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security. Please read the contribution guidelines before contributing. This repo is full of PoCs for CVEs. If you enjoy this awesome list and would like to support it, check out my Patreon page :

PoC in GitHub 2020 CVE-2020-0014 (2020-02-13): It is possible for a malicious application to construct a TYPE_TOAST window manually and make that window clickable. This could lead to a local escalation of privilege with no additional execution privileges needed. User action is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android

PoC auto collect from GitHub.

PoC in GitHub 2020 CVE-2020-0022: In reassemble_and_dispatch of packet_fragmenter.cc, there is possible out of bounds write due to an incorrect bounds calculation. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Andr

Recent Articles

Linux Devices Under Attack by New FreakOut Malware
Threatpost • Lindsey O'Donnell • 19 Jan 2021

Researchers are warning a novel malware variant is targeting Linux devices, in order to add endpoints to a botnet to then be utilized in distributed-denial-of-service (DDoS) attacks and cryptomining.
The malware variant, called FreakOut, has a variety of capabilities. Those include port scanning, information gathering and data packet and network sniffing. It is actively adding infected Linux devices to a botnet, and has the ability to launch DDoS and network flooding attacks, as well as ...