Omnidocs multiple defects and fixes - vulnerability warning

ID MYHACK58:62201131957
Type myhack58
Reporter Anonymous
Modified 2011-09-28T00:00:00


Title: Multiple Vulnerability in "Omnidocs"

Author: Sohil Garg

Download address: <>

Affected versions: All

Test platform: Apache-Coyote/1.1

CVE: CVE-2011-3645

"Omnidocs" multiple defects


OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and contents. It also integrates seamlessly with other enterprise applications.



  1. Defect category

Privilege escalation

Affected URL:

<> /omnidocs/doccab/doclist.jsp?DocListFolderId=927964&FolderType=G&FolderRights=010000000&FolderName=1234&FolderOwner=test&FolderLocation=G&FolderAccessType=I&ParentFolderIndex=100&FolderPathFlag=Y&Fetch=5&VolIndex=1&VolIndex=1

Vulnerable Parameter:



The Omnidocs application does not validate the 'FolderRights' parameter. This parameter could be modified to '111111111' to get full access, including rights to add documents, add folders, delete folders and place orders.

  2. Defect category

Direct Object Access

Sample URL:


Vulnerable Parameter:



The Omnidocs application does not validate the 'UserIndex' parameter. The 'UserIndex' parameter is used to access the personal settings page. This parameter can be changed to other valid numbers, thereby gaining access to view or change other users' personal settings.
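Both defects above come from trusting authorization data sent by the client. The following is an added example, not Omnidocs code and not part of the original advisory: it sketches the server-side checks that close both gaps, deriving folder rights from a server-side record instead of 'FolderRights' and binding 'UserIndex' to the authenticated session. The class name, ACL layout, users and index values are hypothetical and constructed for illustration.

```java
import java.util.Map;

// Hypothetical names and constructed sample data throughout; not Omnidocs code.
public class AccessGuard {
    // Constructed server-side ACL: "folderId:user" -> 9-character rights string.
    static final Map<String, String> FOLDER_ACL = Map.of(
        "927964:test", "010000000",
        "927964:admin", "111111111");
    // Constructed mapping: authenticated session user -> that user's own UserIndex.
    static final Map<String, Integer> USER_INDEX = Map.of("test", 17, "admin", 1);

    // Rights come only from the server-side ACL for the authenticated user.
    // Any FolderRights value in the request is ignored, never trusted.
    static String effectiveRights(String sessionUser, Map<String, String> params) {
        String folderId = params.getOrDefault("DocListFolderId", "");
        if (!folderId.matches("\\d{1,10}")) {
            throw new IllegalArgumentException("bad DocListFolderId");
        }
        return FOLDER_ACL.getOrDefault(folderId + ":" + sessionUser, "000000000");
    }

    // True when the request carries a FolderRights value that differs from the
    // server-side record: a tampering signal worth logging and alerting on.
    static boolean rightsTampered(String sessionUser, Map<String, String> params) {
        String supplied = params.get("FolderRights");
        return supplied != null && !supplied.equals(effectiveRights(sessionUser, params));
    }

    // The personal settings page may only be opened for the caller's own UserIndex.
    static int authorizedUserIndex(String sessionUser, Map<String, String> params) {
        Integer own = USER_INDEX.get(sessionUser);
        String requested = params.get("UserIndex");
        if (own == null || requested == null || !requested.equals(String.valueOf(own))) {
            throw new SecurityException("UserIndex does not belong to session user");
        }
        return own;
    }

    public static void main(String[] args) {
        Map<String, String> req = Map.of("DocListFolderId", "927964", "FolderRights", "111111111");
        System.out.println(effectiveRights("test", req));
        System.out.println(rightsTampered("test", req));
        try {
            authorizedUserIndex("test", Map.of("UserIndex", "1"));
        } catch (SecurityException e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```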


Notified Vendor: 01-Sep-2011

No response received from vendor for 3 weeks

Public Disclosure: 23-Sep-2011

Greetz to:

1] Nikhil Mittal