java
Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old 07-04-2012, 04:22
Java-monitor RSS bot Java-monitor RSS bot is offline
Resident RSS bot
 
Join Date: Jun 2011
Posts: 1,185
Default Liferay XSL Command Execution

This Metasploit module exploits a vulnerability in the XSL parser of the XSL Content Portlet. When Tomcat is present, arbitrary code can be executed via java calls in the data fed to the Xalan XSLT processor. If XSLPAGE is defined, the user must have rights to change the content of that page (to add a new XSL portlet), otherwise it can be left blank and a new one will be created. The second method however, requires administrative privileges.

More...
Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump