CVE-2011-1571 PoC — Liferay Portal Community Edition XSL Content portlet任意命令执行漏洞

Source

https://github.com/noobpk/CVE-2011-1571

Associated Vulnerability

Title:Liferay Portal Community Edition XSL Content portlet任意命令执行漏洞 (CVE-2011-1571)
Description:Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.

Description

Liferay XSL - Command Execution (Metasploit)

Readme

# CVE-2011-1571

## Summary
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.	

* CVE Detail : https://www.cvedetails.com/cve/CVE-2011-1571/
* PoC : http://xhe.myxwiki.org/xwiki/bin/view/XSLT/Application_Liferay
* Metasploit : https://www.exploit-db.com/exploits/18715

File Snapshot


 [4.0K]  /data/pocs/002380b49f8b8e56fcdb12012166b02f71d1bb6f
├── [ 12K]  18715.rb
├── [ 184]  liferay-xee.xml
├── [ 319]  liferay-xee.xsl
├── [ 445]  README.md
├── [4.7K]  xalanj-reading-stdout.xml
└── [4.7K]  xalanj-reading-stdout.xsl

0 directories, 6 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!