Omnidocs plurality of defect and repair-vulnerability warning-the black bar safety net

2011-09-28T00:00:00
ID MYHACK58:62201131957
Type myhack58
Reporter 佚名
Modified 2011-09-28T00:00:00

Description

Title: Multiple Vulnerability in "Omnidocs"

Author: Sohil Garg www.2cto.com

Download address: <http://www.newgensoft.com/omnidocs.asp>

Affected versions: All

Test platform: Apache-Coyote/1.1

CVE : CVE-2 0 1 1-3 6 4 5

"Omnidocs" multiple defects

PRODUCT DESCRIPTION:

OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and�

contents. Also the HTML documentation in French seamlessly with other enterprise applications.

Defects:

------------------

  1. Defect category

Privilege escalation

Affected URL:�

<http://www.2cto.com> /omnidocs/doccab/doclist. jsp? DocListFolderId=9 2 7 9 6 4&FolderType=G&FolderRights=0 1 0 0 0 0 0 0 0&FolderName=1 2 3 4&FolderOwner=test&FolderLocation=G&Fold

erAccessType=I&ParentFolderIndex=1 0 0&FolderPathFlag=Y&Fetch=5&VolIndex=1&VolIndex=1

Vulnerable Parameter:�

FolderRights

Example

Omnidocs application does not validate 'FolderRights' parameter. This parameter could be modified to '1 1 1 1 1 1 1 1 1' to get full access including rights to add�

documents, add folders, delete folders and place orders.

  1. Defect category

Direct Object Access

Sample URL:

<http://www.92hack.net/omnidocs/doccab/userprofile/editprofile.jsp>

Vulnerable Parameter:

UserIndex

Example:

Omnidocs application does not validate 'UserIndex' parameter. 'UserIndex' parameter is used to access the personal setting page. This parameter can be�

changed to other valid numbers, thereby gaining access to view or change other user's personal settings.

Timeline:

Notified Vendor: 0 1-Sep-2 0 1 1

No response received from vendor for 3 weeks

Public Disclosure: 2 3-Sep-2 0 1 1

Greetz to:

1] Nikhil Mittal