CVE-2011-1571 PoC — Liferay Portal Community Edition XSL Content portlet任意命令执行漏洞

Source

https://github.com/noobpk/CVE-2011-1571

Associated Vulnerability

Title:Liferay Portal Community Edition XSL Content portlet任意命令执行漏洞 (CVE-2011-1571)
Description:当Apache Tomcat启用时，Liferay Portal Community Edition (CE) 5.x版本和6.0.6 GA版本之前的6.x版本的XSL Content portlet中存在未明漏洞。远程攻击者可以借助未知向量执行任意命令。

Description

Liferay XSL - Command Execution (Metasploit)

Readme

# CVE-2011-1571

## Summary
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.	

* CVE Detail : https://www.cvedetails.com/cve/CVE-2011-1571/
* PoC : http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Application_Liferay
* Metasploit : https://www.exploit-db.com/exploits/18715

File Snapshot


 [4.0K]  /data/pocs/002380b49f8b8e56fcdb12012166b02f71d1bb6f
├── [ 12K]  18715.rb
├── [ 184]  liferay-xee.xml
├── [ 319]  liferay-xee.xsl
├── [ 445]  README.md
├── [4.7K]  xalanj-reading-stdout.xml
└── [4.7K]  xalanj-reading-stdout.xsl

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!