Blog
Analysis and takeaways from our offensive engagements and vulnerability research.
Hacking Liferay: From XSS to RCE via CAPTCHA Bypass
AnchorSec’s research team investigate the Liferay application and find a Cross-Site Scripting vulnerability that leads to Remote Code Execution, via CAPTCHA bypass. This blog explains the vulnerability and how it was exploited.