Lucene search

K

Omnidocs Multiple Vulnerability

πŸ—“οΈΒ 26 Sep 2011Β 00:00:00Reported byΒ Sohil GargTypeΒ 
zdt
Β zdt
πŸ”—Β 0day.todayπŸ‘Β 45Β Views

Omnidocs" Enterprise Document Management Platform Vulnerabilitie

Show more
Related
Code
ReporterTitlePublishedViews
Family
Exploit DB
Omnidocs - Multiple Vulnerabilities
27 Sep 201100:00
–exploitdb
NVD
CVE-2011-3645
27 Sep 201119:55
–nvd
Packet Storm
Omnidocs Privilege Escalation / Direct Object Access
26 Sep 201100:00
–packetstorm
exploitpack
Omnidocs - Multiple Vulnerabilities
27 Sep 201100:00
–exploitpack
seebug.org
Omnidocs - Multiple Vulnerability
1 Jul 201400:00
–seebug
CVE
CVE-2011-3645
27 Sep 201119:55
–cve
Cvelist
CVE-2011-3645
27 Sep 201119:00
–cvelist
Prion
Design/Logic Flaw
27 Sep 201119:55
–prion
securityvulns
[CVE-2011-3645] Multiple vulnerability in "Omnidocs"
26 Sep 201100:00
–securityvulns
securityvulns
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
26 Sep 201100:00
–securityvulns
Rows per page
--------------------------------------------------------------------
# Exploit Title: Multiple Vulnerability in "Omnidocs"
# Date: 24 Sep 2011
# Author: Sohil Garg
# Software Link: http://www.newgensoft.com/omnidocs.asp
# Version: All
# Tested on: Apache-Coyote/1.1
# CVE : CVE-2011-3645

---------------------------------------------------
"Omnidocs" Multiple vulnerability.
---------------------------------------------------
By  :Sohil Garg
Email :[emailΒ protected]
---------------------------------------------------

Product Description:
OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and
 
contents. Also integrates seamlessly with other enterprise applications.

------------------
Vulnerability
------------------

1.Vulnerbility Type
Privilege escalation
 
Affected URL:
http://serverIP/omnidocs/doccab/doclist.jsp?DocListFolderId=927964&FolderType=G&FolderRights=010000000&FolderName=1234&FolderOwner=test&FolderLocation=G&Fold
erAccessType=I&ParentFolderIndex=100&FolderPathFlag=Y&Fetch=5&VolIndex=1&VolIndex=1

Vulnerable Parameter:
FolderRights
 
Exploit
Omnidocs application does not validate 'FolderRights' parameter. This parameter could be modified to '111111111' to get full access including rights to add
documents, add folders, delete folders and place orders.
 
 
 
2.Vulnerability Type
Direct Object Access
 
Sample URL:
http://serverIP/omnidocs/doccab/userprofile/editprofile.jsp
 
Vulnerable Parameter:
UserIndex
 
Exploit:
Omnidocs application does not validate 'UserIndex' parameter. 'UserIndex' parameter is used to access the personal setting page. This parameter can be
changed to other valid numbers thereby gaining access to view or change other user's personal settings.
 
 
Timeline:
Notified Vendor: 01-Sep-2011
No response received from vendor for 3 weeks
Public Disclosure: 23-Sep-2011



#  0day.today [2018-01-05]  #

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
26 Sep 2011 00:00Current
7.1High risk
Vulners AI Score7.1
45
.json
Report