The vulnerability is a side-channel timing attack within the object entry functionality. ERC (External Reference Code) values are unique identifiers. The application checks for ERC existence by querying the database. The time taken for a failed lookup (non-existent ERC) is measurably shorter than the time for a successful one (existent ERC). An attacker can send numerous requests with guessed ERCs and analyze the server’s response times. Longer response times confirm a valid ERC, allowing for the enumeration of all valid codes within the system, which can be a precursor to further attacks.
Platform: Liferay Portal/DXP
Version: 7.4.0-7.4.3.128
Vulnerability: Information Disclosure
Severity: Medium
Date: 2024
Prediction: 2024-11-15
What Undercode Say:
`$ for erc in {guess_list}; do time curl -s "http://target/api/object/entry?erc=$erc" > /dev/null; done`
`SELECT * FROM ObjectEntry WHERE externalReferenceCode = ?`
How Exploit:
Measure response times.
Protection from this CVE
Implement constant-time validation.
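One way to approximate this when the lookup itself cannot be made constant-time is a response-time floor: pad every call to a fixed budget so that a hit and a miss take the same observable time. The sketch below is an added example, not Liferay's code or its actual fix; `make_lookup`, `ResponseTimeFloor`, the sample ERCs and the 50 ms budget are all assumptions chosen for illustration.

```python
import time

# Constructed sample data standing in for the ObjectEntry table (ERC -> id).
ENTRIES = {"ERC-1001": 1, "ERC-1002": 2}

def make_lookup(sleep=time.sleep):
    """Hypothetical lookup: a hit costs more time than a miss, as described above."""
    def lookup(erc):
        if erc in ENTRIES:
            sleep(0.010)   # simulated extra work when the row exists
            return ENTRIES[erc]
        sleep(0.001)       # simulated fast path for an unknown ERC
        return None
    return lookup

class ResponseTimeFloor:
    """Pad every call to at least `budget` seconds so hit and miss look alike."""
    def __init__(self, func, budget, clock=time.monotonic, sleep=time.sleep):
        self.func, self.budget = func, budget
        self.clock, self.sleep = clock, sleep
        self.overruns = 0  # calls slower than the budget still leak timing

    def __call__(self, *args, **kwargs):
        start = self.clock()
        try:
            return self.func(*args, **kwargs)
        finally:
            # Runs on errors too, so exceptions are padded like normal returns.
            remaining = self.budget - (self.clock() - start)
            if remaining > 0:
                self.sleep(remaining)
            else:
                self.overruns += 1  # alert on this and raise the budget

def elapsed(func, arg, clock=time.monotonic):
    """Seconds one call takes, measured with the supplied clock."""
    start = clock()
    func(arg)
    return clock() - start

if __name__ == "__main__":
    raw = make_lookup()
    padded = ResponseTimeFloor(raw, budget=0.050)
    for erc in ("ERC-1001", "ERC-9999"):  # one existing, one unknown
        print(erc, f"raw={elapsed(raw, erc):.3f}s", f"padded={elapsed(padded, erc):.3f}s")
```

The budget has to sit above the slowest legitimate lookup; any call counted in `overruns` was slower than the floor and is distinguishable again.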
Impact:
ERC enumeration.
Sources:
Reported By: github.com

