Liferay /api/jsonws - API Exposed

By kannthu

Low
Vidoc Module
#liferay #exposure #api
Description

What is the "Liferay /api/jsonws - API Exposed" module?

The "Liferay /api/jsonws - API Exposed" module is designed to detect the exposure of the Liferay API. Liferay is a software platform that provides a range of tools and features for building and managing web applications. This module focuses specifically on the /api/jsonws endpoint, which is used for accessing Liferay's JSON web services API.

This module has a low severity level, indicating that the detected vulnerability or misconfiguration may have limited impact or pose a lower risk.

This module was authored by DhiyaneshDk.

Impact

If the Liferay /api/jsonws API is exposed, it can potentially lead to security risks. Exposing APIs without proper authentication and authorization mechanisms can allow unauthorized access to sensitive data or enable malicious actors to exploit vulnerabilities in the API implementation.

How does the module work?

The module works by sending a GET request to the /api/jsonws endpoint and applying a set of matching conditions to determine if the API is exposed.

Matching conditions:

- The response body must contain the string "<title>json-web-services-api</title>".
- The response header must include the word "text/html".
- The response status code must be 200.

If all of these conditions are met, the module considers the API to be exposed.

Example HTTP request:

GET /api/jsonws

Note: The above example is a simplified representation of the HTTP request sent by the module.
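The three matching conditions above, evaluated one by one so that a near miss shows which condition failed. This is an added example, not the Vidoc module's own code; the `Response` type, the function names, the sample responses and the case-insensitive header comparison are assumptions of the example.

```python
import re
from dataclasses import dataclass

# Body condition: the title of the JSON web services index page.
TITLE_RE = re.compile(r"<title>json-web-services-api</title>")

@dataclass
class Response:
    """Minimal stand-in for an HTTP response (hypothetical helper type)."""
    status: int
    headers: dict
    body: str

def match_conditions(resp: Response) -> dict:
    """Evaluate each of the module's three conditions separately."""
    # The header condition is a word match over all response headers.
    # Lower-casing before the comparison is a choice made in this example.
    header_blob = "\n".join(f"{k}: {v}" for k, v in resp.headers.items()).lower()
    return {
        "body_title": bool(TITLE_RE.search(resp.body)),
        "header_text_html": "text/html" in header_blob,
        "status_200": resp.status == 200,
    }

def is_exposed(resp: Response) -> bool:
    """The conditions are ANDed: all three must hold to report a finding."""
    return all(match_conditions(resp).values())

# Constructed sample responses (not captured from a real server).
EXPOSED = Response(200, {"Content-Type": "text/html;charset=UTF-8"},
                   "<html><head><title>json-web-services-api</title></head></html>")
LOGIN_REDIRECT = Response(302, {"Content-Type": "text/html", "Location": "/login"}, "")
FORBIDDEN_JSON = Response(403, {"Content-Type": "application/json"},
                          '{"message": "forbidden"}')
OTHER_PAGE = Response(200, {"Content-Type": "text/html"},
                      "<html><head><title>Welcome</title></head></html>")

if __name__ == "__main__":
    samples = {"exposed": EXPOSED, "login redirect": LOGIN_REDIRECT,
               "forbidden json": FORBIDDEN_JSON, "other page": OTHER_PAGE}
    for name, resp in samples.items():
        failed = [c for c, ok in match_conditions(resp).items() if not ok]
        verdict = "EXPOSED" if not failed else "not matched, failed: " + ", ".join(failed)
        print(f"{name}: {verdict}")
```

When checking your own Liferay hosts, a response that fails only on `status_200` or `body_title` (a redirect to login, a 403) indicates the endpoint is already restricted.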

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /api/jsonws
Matching conditions
regex: .*<title>json-web-services-api<\/title>.... and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability