The vulnerability lets a specially crafted WebDAV request that declares an XML external entity read local files on Liferay Portal 6.0.x. The exploit uses XML External Entity (XXE) injection to disclose sensitive files such as configuration files or SSH keys.
Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Liferay Portal 6.0.5 CE, 6.0.6 CE
No auth needed
Prerequisites: Network access to the Liferay Portal WebDAV service