OpenText Document Sciences xPression 4.5SP1 Patch 13 documentId SQL Injection

2017.10.03

Credit: Marcin Woloszyn

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2017-14757

CWE: CWE-89

Ogólna skala CVSS: 6.5/10

Znaczenie: 6.4/10

Łatwość wykorzystania: 8/10

Wymagany dostęp: Zdalny

Złożoność ataku: Niska

Autoryzacja: Jednorazowa

Wpływ na poufność: Częściowy

Wpływ na integralność: Częściowy

Wpływ na dostępność: Częściowy

Title: OpenText Document Sciences xPression (formerly EMC Document
Sciences xPression) - SQL Injection
Author: Marcin Woloszyn
Date: 27. September 2017
CVE: CVE-2017-14757

Affected Software:
==================
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression)

Exploit was tested on:
======================
v4.5SP1 Patch 13 (older versions might be affected as well)

SQL Injection:
==============

Due to lack of prepared statements an application is prone to SQL
Injection attacks.
Potential attacker can retrieve data from application database by
exploiting the issue.

Vector :
--------

https://[...]/xAdmin/html/cm_doclist_view_uc.jsp?cat_id=503&documentId=185365177756%20and%201=1&documentType=xDesignPublish&documentName=ContractRealEstate

            ^
Results can be retrieved using blind SQL injection method.

Fix:
====
https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774

Contact:
========
mw[at]nme[dot]pl

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

OpenText Document Sciences xPression 4.5SP1 Patch 13 documentId SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.