Deserialization of Untrusted Data in Liferay Portal prior to 7.2.1 CE GA2 allows remote attackers to execute arbitrary code via JSON web services (JSONWS)
Step 1) Write Your payload in LifExp.java
Step 2) Compile it with javac
Step 3) make your log server (Maybe you want to use "Burp Collaborator Client")
Step 4) Run poc.py
....enjoy it ;) 😇
poc Code Writed by mzer0one 🙏
https://github.com/mzer0one/CVE-2020-7961-POC