Liferay /api/liferay - API Exposed

By kannthu

Informative
Vidoc Module
#liferay #exposure #api
Description

What is the "Liferay /api/liferay - API Exposed" module?

The "Liferay /api/liferay - API Exposed" module is a test case designed to detect the exposure of the Liferay API. Liferay is a software platform that provides enterprise portal solutions and content management systems. This module focuses on identifying potential misconfigurations or vulnerabilities related to the Liferay API.

The severity of this module is classified as informative, which means it provides valuable information but does not indicate a critical security issue.

This module was authored by DhiyaneshDk.

Impact

This module aims to identify any potential misconfigurations or vulnerabilities in the Liferay API. If any issues are detected, it could indicate a security risk that may allow unauthorized access or expose sensitive information.

How does the module work?

The "Liferay /api/liferay - API Exposed" module utilizes HTTP request templates and matching conditions to perform its scan. It sends a GET request to the "/api/liferay" endpoint and evaluates the response based on specific criteria.

The matching conditions for this module include:

- Checking the response body for the presence of the phrases "Internal Server Error" and "An error occurred while accessing the requested resource."
- Verifying that the response header contains the word "text/html".
- Ensuring that the response status code is 404 (Not Found).

If all of these conditions are met, the module will report a potential vulnerability or misconfiguration related to the Liferay API.
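The three matchers described above can be checked offline against responses you have already captured from your own hosts. The following is an added example, not Vidoc's code or the original template; the function name, the full regex (the preview truncates it), the `DOTALL` flag and the sample responses are assumptions made for illustration.

```python
import re

# Both phrases come from the module description. The preview truncates the
# regex, so the full pattern and the DOTALL flag are assumptions of this example.
BODY_RE = re.compile(
    r"Internal Server Error.*"
    r"An error occurred while accessing the requested resource\.",
    re.DOTALL,
)


def evaluate(status, headers, body):
    """Apply the module's three matchers; all must pass (AND) to report."""
    # The "word" matcher looks at the response headers as a whole.
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items())
    results = {
        "regex": BODY_RE.search(body) is not None,
        "word": "text/html" in header_blob,
        "status": status == 404,
    }
    results["matched"] = all(results.values())
    return results


# Constructed responses for illustration, not captured from a real server.
LIFERAY_LIKE = (
    404,
    {"Content-Type": "text/html;charset=UTF-8"},
    "<html><head><title>Internal Server Error</title></head><body>\n"
    "<p>An error occurred while accessing the requested resource.</p>\n"
    "</body></html>",
)
GENERIC_404 = (404, {"Content-Type": "text/html"}, "<h1>Not Found</h1>")
JSON_404 = (
    404,
    {"Content-Type": "application/json"},
    '{"error": "Internal Server Error", "message": '
    '"An error occurred while accessing the requested resource."}',
)

if __name__ == "__main__":
    for name, resp in [("liferay-like", LIFERAY_LIKE),
                       ("generic 404", GENERIC_404),
                       ("json 404", JSON_404)]:
        print(name, evaluate(*resp))
```

The per-matcher results show why an ordinary 404 page or a JSON error with the same wording is not reported: only a response that satisfies all three conditions counts as a match.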

For more information, you can refer to the LiferayAPI.java file on GitHub.

Metadata:

Verified: true

Shodan-query: title:"Liferay"

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET /api/liferay
Matching conditions
regex: .*Internal Server Error.*An error occurr...
and
word: text/html
and
status: 404
Passive global matcher
No matching conditions.
On match action
Report vulnerability