By kannthu
The "Liferay /api/liferay - API Exposed" module is a test case designed to detect the exposure of the Liferay API. Liferay is a software platform that provides enterprise portal solutions and content management systems. This module focuses on identifying potential misconfigurations or vulnerabilities related to the Liferay API.
The severity of this module is classified as informative, which means it provides valuable information but does not indicate a critical security issue.
This module was authored by DhiyaneshDk.
This module aims to identify any potential misconfigurations or vulnerabilities in the Liferay API. If any issues are detected, it could indicate a security risk that may allow unauthorized access or expose sensitive information.
The "Liferay /api/liferay - API Exposed" module utilizes HTTP request templates and matching conditions to perform its scan. It sends a GET request to the "/api/liferay" endpoint and evaluates the response based on specific criteria.
The matching conditions for this module include:
- Checking the response body for the presence of the phrase "Internal Server Error" and "An error occurred while accessing the requested resource."
- Verifying that the response header contains the word "text/html".
- Ensuring that the response status code is 404 (Not Found).

If all of these conditions are met, the module will report a potential vulnerability or misconfiguration related to the Liferay API.
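The three conditions above, evaluated together over raw HTTP responses, as an added example (not Vidoc's or the module author's code). It assumes case-sensitive substring matching and that the header condition is checked against the whole header block; the sample responses are constructed.

```python
# Added example: offline evaluation of the module's three matching conditions.
# Assumptions: case-sensitive substring matching; header word checked against
# the whole header block. Sample responses are constructed, not captured.
BODY_WORDS = (
    "Internal Server Error",
    "An error occurred while accessing the requested resource.",
)
HEADER_WORD = "text/html"
STATUS = 404


def parse_response(raw: str):
    """Split a raw HTTP/1.x response into (status, header block, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, headers = head.partition("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError(f"malformed status line: {status_line!r}")
    return int(parts[1]), headers, body


def evaluate(raw: str) -> dict:
    """Return each condition's result; 'matched' is true only if all hold."""
    status, headers, body = parse_response(raw)
    results = {
        "body_words": all(word in body for word in BODY_WORDS),
        "header_word": HEADER_WORD in headers,
        "status": status == STATUS,
    }
    results["matched"] = all(results.values())
    return results


# Constructed sample: the response shape the module reports on.
EXPOSED = (
    "HTTP/1.1 404 Not Found\r\n"
    "Content-Type: text/html;charset=UTF-8\r\n\r\n"
    "<h1>Internal Server Error</h1>"
    "<p>An error occurred while accessing the requested resource.</p>"
)
# Constructed sample: an ordinary 404 page that lacks the two body phrases.
GENERIC_404 = (
    "HTTP/1.1 404 Not Found\r\n"
    "Content-Type: text/html\r\n\r\n"
    "<h1>Not Found</h1>"
)

if __name__ == "__main__":
    for name, raw in (("exposed", EXPOSED), ("generic 404", GENERIC_404)):
        print(name, evaluate(raw))
```

The per-condition results show which check failed, which helps when triaging why a host did or did not produce a finding.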
For more information, you can refer to the LiferayAPI.java file on GitHub.
Metadata:
Verified: true
Shodan-query: title:"Liferay"