Omnidocs - Multiple Vulnerabilities

27 Sep 2011 00:00:00 | Reported by Sohil Garg | Type: exploitpack

"Omnidocs" Enterprise Document Management platform multiple vulnerabilities

--------------------------------------------------------------------
# Exploit Title: Multiple Vulnerability in "Omnidocs"
# Date: 24 Sep 2011
# Author: Sohil Garg
# Software Link: http://www.newgensoft.com/omnidocs.asp
# Version: All
# Tested on: Apache-Coyote/1.1
# CVE : CVE-2011-3645

---------------------------------------------------
"Omnidocs" Multiple vulnerability.
---------------------------------------------------
By       : Sohil Garg
Email    : [email protected]
---------------------------------------------------

Product Description:
OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and contents. It also integrates seamlessly with other enterprise applications.

------------------
Vulnerability
------------------

1. Vulnerability Type
Privilege escalation

Affected URL:
http://serverIP/omnidocs/doccab/doclist.jsp?DocListFolderId=927964&FolderType=G&FolderRights=010000000&FolderName=1234&FolderOwner=test&FolderLocation=G&FolderAccessType=I&ParentFolderIndex=100&FolderPathFlag=Y&Fetch=5&VolIndex=1&VolIndex=1

Vulnerable Parameter:
FolderRights

Exploit:
The Omnidocs application does not validate the 'FolderRights' parameter. This parameter could be modified to '111111111' to get full access, including rights to add documents, add folders, delete folders and place orders.
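
A log check for the 'FolderRights' tampering described above, added here as an example and not part of the original advisory: it flags doclist.jsp requests whose FolderRights value sets flags that the same client's first request for that folder did not carry. The combined log format, keying on client IP and the first-seen baseline are assumptions; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format assumed);
# client IPs, timestamps and response sizes are made up for illustration.
SAMPLE_LOG = """\
10.0.0.5 - - [24/Sep/2011:10:00:01 +0000] "GET /omnidocs/doccab/doclist.jsp?DocListFolderId=927964&FolderType=G&FolderRights=010000000&FolderName=1234 HTTP/1.1" 200 5120
10.0.0.5 - - [24/Sep/2011:10:00:09 +0000] "GET /omnidocs/doccab/doclist.jsp?DocListFolderId=927964&FolderType=G&FolderRights=111111111&FolderName=1234 HTTP/1.1" 200 7340
10.0.0.7 - - [24/Sep/2011:10:01:30 +0000] "GET /omnidocs/doccab/doclist.jsp?DocListFolderId=927964&FolderType=G&FolderRights=010000000&FolderName=1234 HTTP/1.1" 200 5120
10.0.0.7 - - [24/Sep/2011:10:02:02 +0000] "GET /omnidocs/doccab/doclist.jsp?DocListFolderId=555&FolderRights=1x1 HTTP/1.1" 200 900
"""

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')
RIGHTS = re.compile(r"^[01]{9}$")  # nine-flag form seen in the advisory's URL


def find_rights_tampering(log_text):
    """Return findings as (client, folder_id, first_seen_rights, rights, reason)."""
    baseline = {}   # (client, folder_id) -> first FolderRights value observed
    findings = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/doccab/doclist.jsp"):
            continue
        query = parse_qs(url.query)
        folder = query.get("DocListFolderId", [""])[0]
        for rights in query.get("FolderRights", []):
            if not RIGHTS.match(rights):
                findings.append((client, folder, None, rights, "malformed"))
                continue
            first = baseline.setdefault((client, folder), rights)
            # Assumption: the first value seen is the one the server issued.
            # A flag that is 1 now but was 0 then was added on the client side.
            if any(a == "0" and b == "1" for a, b in zip(first, rights)):
                findings.append((client, folder, first, rights, "flags added"))
    return findings


if __name__ == "__main__":
    for finding in find_rights_tampering(SAMPLE_LOG):
        print(finding)
```

Keying on a session identifier instead of the client IP gives a tighter baseline where the logs record one. The check only surfaces tampering after the fact and does not replace server-side validation of the parameter.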



2. Vulnerability Type
Direct Object Access

Sample URL:
http://serverIP/omnidocs/doccab/userprofile/editprofile.jsp

Vulnerable Parameter:
UserIndex

Exploit:
The Omnidocs application does not validate the 'UserIndex' parameter, which is used to access the personal settings page. This parameter can be changed to other valid numbers, thereby gaining access to view or change other users' personal settings.


Timeline:
Notified Vendor: 01-Sep-2011
No response received from vendor for 3 weeks
Public Disclosure: 23-Sep-2011


-----------------------------------------------------
Greetz to:
1] Nikhil Mittal
