Liferay 3: Attackers could steal the sessions of your users with the following technique.

5 March 2018

The vulnerability in this article has been corrected in the Liferay's current, latest version. We consider it extremely important to keep the used system up-to-date. The following article shows an example of a vulnerability in an outdated Liferay version.

If you are logged in to a vulnerable system, then you are only one click away from getting your session stolen. Just a question: have you clicked a shortened url recently?

Level of security risk: Medium

Details:
An attacker could run arbitrary client side (JavaScript) code in the victim’s browser, hence stealing his/her cookies and his/her session. If the victim has administrator roles, then the attacker could run arbitrary code on the server too.
More details:
https://issues.liferay.com/browse/LPS-24842

Risk:
An attacker could act in the name of an other user and with the given user’s privileges.

Proof of concept:
Open the following link in Firefox:
http://[login_page]?p_auth=kvSJm8FR&p_p_id=58&p_p_lifecycle=1&p_p_state=normal&p_p_mode=view&p_p_col_id=column-2&p_p_col_pos=1&p_p_col_count=2&saveLastPath=0&_58_struts_action=%2Flogin%2Flogin&_58_doActionAfterLogin=false&_58_rememberMe=%22%3E%3Cimg%20src=%22%22%20onerror=%22alert(document.cookie);%22%3E