Please note that this post is about a disputed vulnerability. The vendor has refuted this issue, as the exploit reference link only demonstrates the accessibility of the frmfolders.html file, but does not show how an unauthorized user can actually upload a file. Proceed with caution and do your own research before taking any actions.

Introduction

A claimed, yet disputed, vulnerability has been reported in Liferay Portal 6.2.5, which can supposedly allow an unauthorized user to upload files to the application by performing a specific request. In this post, we will discuss the details of this vulnerability and its potential impact. It is important to note that this information is not intended to be exploited by attackers, but rather to raise awareness among Liferay Portal users and promote the necessity to stay up to date with security practices.

Vulnerability Details (CVE-2021-33990)

The vulnerability, designated as CVE-2021-33990, is being reported in Liferay Portal 6.2.5, and it is claimed that it allows unauthorized file uploads through a specific type of request. More specifically, an attacker can supposedly upload a file by sending a request with the following parameters:

Command=FileUpload&Type=File&CurrentFolder=/

However, it is worth mentioning that the validity of this vulnerability is disputed by the vendor, who argues that the exploit reference link only demonstrates the accessibility of the frmfolders.html file, but does not show how an unauthorized user can actually upload a file.

Here is a code snippet to demonstrate a potential approach to send the above-mentioned request

import requests

url = "http://target.com/ckeditor/filemanager/connectors/frmfolders.html";
file_to_upload = {'upload': ('test.txt', 'sample content')}

payload = {
    "Command": "FileUpload",
    "Type": "File",
    "CurrentFolder": "/"
}

response = requests.post(url, data=payload, files=file_to_upload)

For further information on this vulnerability, the following resources can be consulted

- National Vulnerability Database (NVD) - Provides a summary and details about the reported vulnerability. Note that the earlier mentioned dispute is mentioned in the NVD's description.
- Exploit Database - Notes the release of a proof-of-concept exploit for the vulnerability in question. It is important to keep in mind that this exploit has been disputed by the vendor representatives.
- Liferay Portal - Official website for Liferay Portal, the affected software.

Importance of Security Awareness

Despite the dispute surrounding this particular vulnerability, this serves as a reminder for organizations using Liferay Portal or any other application to stay updated with the best security practices. Ensuring proper access controls, keeping the software updated, and having a proactive cybersecurity approach can help prevent unauthorized users from exploiting any potential vulnerabilities in the software.

Final Note

It is crucial for individuals and organizations to stay informed about potential vulnerabilities in their software and services. Please make sure to verify the information from the provided sources and stay updated with the latest security patches from the vendors.

Timeline

Published on: 04/16/2023 04:15:00 UTC
Last modified on: 04/26/2023 20:15:00 UTC