Liferay /api/axis - API Exposed

By kannthu

Informative
Vidoc Module
#misconfig #exposure #liferay #api
Description

What is the "Liferay /api/axis - API Exposed" module?

The "Liferay /api/axis - API Exposed" module is designed to detect the exposure of the Liferay API. Liferay is a software platform that provides enterprise portal solutions. This module focuses on identifying potential misconfigurations that could lead to the exposure of sensitive API endpoints.

This module has an informative severity level, which means it provides valuable information about potential vulnerabilities or misconfigurations without directly impacting the security of the system.

Impact

If the Liferay API is exposed due to misconfigurations, it could potentially allow unauthorized access to sensitive data or functionality. This could lead to data breaches, unauthorized modifications, or other security risks.

How does the module work?

The "Liferay /api/axis - API Exposed" module works by sending a GET request to the "/api/axis" endpoint of the target system. It then applies a set of matching conditions to determine if the API is exposed.

The matching conditions for this module are as follows:

- The response body must contain the HTML tag "<h2>And now... Some Services</h2>".
- The response header must include the word "text/html".
- The HTTP status code must be 200 (OK).

If all of these conditions are met, the module will report a potential exposure of the Liferay API.

Note: This module is an informative module and does not directly exploit any vulnerabilities or misconfigurations. It serves as a valuable tool for identifying potential security risks related to the exposure of the Liferay API.
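The three matching conditions above, written as an offline check that can be run against a saved response from your own Liferay host, for example to confirm after a fix that /api/axis no longer matches. This is an added example, not Vidoc's module code: the `Response` type, the function names and the sample responses are constructed for illustration, and it assumes the word matcher searches the whole header block case-insensitively.

```python
import re
from dataclasses import dataclass

# Literal marker quoted in the module's matching conditions.
MARKER = re.compile(re.escape("<h2>And now... Some Services</h2>"))

@dataclass
class Response:
    """Minimal HTTP response record (hypothetical helper type)."""
    status: int
    headers: dict
    body: str

def evaluate(resp):
    """Return a per-condition result for the module's three matchers."""
    # Assumption: the word matcher looks at every header line, ignoring
    # case, so 'text/html; charset=UTF-8' satisfies it as well.
    header_block = "\n".join(f"{k}: {v}" for k, v in resp.headers.items()).lower()
    return {
        "body_marker": MARKER.search(resp.body) is not None,
        "header_text_html": "text/html" in header_block,
        "status_200": resp.status == 200,
    }

def is_exposed(resp):
    """The conditions are joined with AND: all three must hold."""
    return all(evaluate(resp).values())

def failed_conditions(resp):
    """Names of the conditions that did not match, for triage output."""
    return sorted(name for name, ok in evaluate(resp).items() if not ok)

# Constructed sample responses (not captured from any real host).
AXIS_PAGE = ("<html><body><h2>And now... Some Services</h2>"
             "<ul><li>ExampleService</li></ul></body></html>")
SAMPLES = {
    "exposed": Response(200, {"Content-Type": "text/html; charset=UTF-8"}, AXIS_PAGE),
    "blocked": Response(403, {"Content-Type": "text/html"}, "<h1>Forbidden</h1>"),
    "login_page": Response(200, {"Content-Type": "text/html"}, "<h1>Sign In</h1>"),
    "wrong_type": Response(200, {"Content-Type": "application/json"}, AXIS_PAGE),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(f"{name}: exposed={is_exposed(resp)} failed={failed_conditions(resp)}")
```

The `login_page` sample shows why status and content type alone are not enough: a generic HTML page returned with 200 only fails the body marker.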

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /api/axis
Matching conditions
regex: .*<h2>And now\.\.\. Some Services<\/h2>.... and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability