bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/jsp/webapps/17897.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

64 lines
No EOL
2 KiB
Text
Raw Permalink Blame History

--------------------------------------------------------------------
# Exploit Title: Multiple Vulnerability in "Omnidocs"
# Date: 24 Sep 2011
# Author: Sohil Garg
# Software Link: http://www.newgensoft.com/omnidocs.asp
# Version: All
# Tested on: Apache-Coyote/1.1
# CVE : CVE-2011-3645
<EFBFBD>
---------------------------------------------------
"Omnidocs" Multiple vulnerability.
---------------------------------------------------
By <20> <20> <20> :Sohil Garg
Email <20> <20>:sohil_garg@yahoo.co.in
---------------------------------------------------
<EFBFBD>
Product Description:
OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and<6E>
contents. Also integrates seamlessly with other enterprise applications.
<EFBFBD>
------------------
Vulnerability
------------------
<EFBFBD>
1.Vulnerbility Type
Privilege escalation
Affected URL:<3A>
http://serverIP/omnidocs/doccab/doclist.jsp?DocListFolderId=927964&FolderType=G&FolderRights=010000000&FolderName=1234&FolderOwner=test&FolderLocation=G&Fold
erAccessType=I&ParentFolderIndex=100&FolderPathFlag=Y&Fetch=5&VolIndex=1&VolIndex=1
<EFBFBD>
Vulnerable Parameter:<3A>
FolderRights
Exploit
Omnidocs application does not validate 'FolderRights' parameter. This parameter could be modified to '111111111' to get full access including rights to add<64>
documents, add folders, delete folders and place orders.
2.Vulnerability Type
Direct Object Access
Sample URL:
http://serverIP/omnidocs/doccab/userprofile/editprofile.jsp
Vulnerable Parameter:
UserIndex
Exploit:
Omnidocs application does not validate 'UserIndex' parameter. 'UserIndex' parameter is used to access the personal setting page. This parameter can be<62>
changed to other valid numbers thereby gaining access to view or change other user's personal settings.
Timeline:
Notified Vendor: 01-Sep-2011
No response received from vendor for 3 weeks
Public Disclosure: 23-Sep-2011
-----------------------------------------------------
Greetz to:
1] Nikhil Mittal
Reference in a new issue View git blame Copy permalink