CVE-2020-7961

This Metasploit module exploits a Java unmarshalling vulnerability in Liferay Portal via JSONWS to achieve remote code execution. It uses a gadget chain involving C3P0WrapperConnPool to trigger deserialization of malicious payloads.

This repository contains a functional exploit PoC for CVE-2020-7961, an unauthenticated remote code execution vulnerability in Liferay Portal 7.2.0 CE GA1 via JSONWS deserialization. The exploit uses a C3P0WrapperConnPool gadget to trigger arbitrary code execution by serving a malicious serialized payload via an HTTP server.

This repository contains a functional exploit for CVE-2020-7961, targeting Liferay Portal's JSON web services API. The script automates the discovery of vulnerable endpoints and executes arbitrary commands via deserialization of malicious objects.

This repository contains a functional exploit for CVE-2020-7961, a deserialization vulnerability in Liferay Portal. The PoC includes a Java payload template (LifExp.java) and a Python script (poc.py) that automates the exploitation process by serving a malicious serialized object via an HTTP server and triggering the vulnerability through JSON web services.

This repository contains a functional exploit for CVE-2020-7961, a deserialization vulnerability in Liferay Portal. The exploit leverages a crafted serialized payload to achieve remote code execution (RCE) on vulnerable Liferay instances.

This repository provides a detailed technical analysis of CVE-2020-7961, a deserialization vulnerability in Liferay Portal's JSON web services. It includes root cause analysis, code paths, and exploit mechanics, demonstrating a deep understanding of the vulnerability.

The repository contains no exploit code or technical details, only a request to purchase a password for $10 via email. This is a clear social engineering lure.

This repository contains a functional exploit for CVE-2020-7961, a deserialization vulnerability in Liferay Portal. The PoC leverages a crafted serialized object to achieve remote code execution (RCE) by exploiting insecure deserialization in the JSONWS API.

The repository contains a Go-based scanner for detecting CVE-2020-7961 in Liferay Portal. It checks for a deserialization vulnerability by sending a POST request to the `/api/jsonws/invoke` endpoint and analyzing the response for a specific error message.

This repository contains a functional exploit for CVE-2020-7961, a deserialization vulnerability in Liferay Portal. The exploit includes both a scanner (liferay.go) and an exploit script (liferay-exploit.py) that demonstrates remote code execution (RCE) by sending a crafted serialized payload to the vulnerable endpoint.

This Metasploit module exploits a Java unmarshalling vulnerability in Liferay Portal via JSONWS to achieve remote code execution. It uses a gadget chain involving C3P0WrapperConnPool to trigger deserialization of malicious payloads.