Source: 自学PHP网 (zixuephp.com)  Posted: 2015-04-17 14:47  Author: (not given)
Title: Multiple Vulnerabilities in "Omnidocs"
Author: Sohil Garg (reposted via www.2cto.com)
Vendor / download: http://www.newgensoft.com/omnidocs.asp
Affected versions: All
Tested on: Apache-Coyote/1.1
CVE: CVE-2011-3645

"Omnidocs": Multiple Vulnerabilities
Product description: OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and content. It also integrates with other enterprise applications.

Vulnerabilities:
------------------

1. Vulnerability class: Privilege escalation
Affected URL: http://www.2cto.com/omnidocs/doccab/doclist.jsp?DocListFolderId=927964&FolderType=G&FolderRights=010000000&FolderName=1234&FolderOwner=test&FolderLocation=G&FolderAccessType=I&ParentFolderIndex=100&FolderPathFlag=Y&Fetch=5&VolIndex=1&VolIndex=1
Vulnerable parameter: FolderRights

Example: The Omnidocs application does not validate the 'FolderRights' parameter on the server side. The rights mask that governs what a user may do in a folder is taken from the request rather than from the server-side access-control list for the authenticated user, so a client can rewrite it. Changing the value to '111111111' grants full access, including the rights to add documents, add folders, delete folders and place orders.
2. Vulnerability class: Direct Object Access (insecure direct object reference)

Sample URL: http://www.2cto.com/omnidocs/doccab/userprofile/editprofile.jsp
Vulnerable Parameter: UserIndex
Example: The Omnidocs application does not validate the 'UserIndex' parameter, which selects whose personal-settings page is opened. Because the value is not checked against the identity of the logged-in session, it can be changed to another valid number to view or change other users' personal settings.
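Both findings come down to the same mistake: an authorization decision (which rights apply, which profile may be edited) is driven by a value the client supplies. The following Python is an added example written for this page, not OmniDocs source and not the author's proof of concept. It models each reported handler beside a hardened version that derives the decision from server-side state instead. Everything except the URL paths and parameter names from the advisory is assumed: the host omnidocs.example, the per-bit meaning of the nine-digit FolderRights mask, the ACL and user tables, and the Session object standing in for the authenticated session.

```python
"""Model of the two OmniDocs access-control flaws in this advisory, each
vulnerable handler beside a hardened one. Illustrative code written for
this page, not OmniDocs source and not the author's PoC."""
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# ASSUMPTION: the advisory states only that FolderRights is a nine-digit
# 0/1 mask and that '111111111' grants everything; the per-position names
# below are a stand-in for illustration, not the product's real layout.
RIGHT_NAMES = (
    "list", "view", "add_document", "add_folder", "delete_document",
    "delete_folder", "modify_metadata", "place_order", "administer",
)

# Constructed server-side state standing in for the application's ACL and
# user tables: user 'test' really holds only the 'view' bit on folder 927964.
FOLDER_ACL = {
    (927964, "test"): "010000000",
    (927964, "admin"): "111111111",
}
USERS = {100: "test", 101: "admin", 102: "alice"}


@dataclass
class Session:
    """Authenticated identity held server-side; handlers must trust this, not request parameters."""
    user: str
    user_index: int


def mask_is_valid(mask: str) -> bool:
    """A FolderRights value is well-formed only if it is exactly nine binary digits."""
    return len(mask) == len(RIGHT_NAMES) and all(c in "01" for c in mask)


def parse_rights(mask: str) -> frozenset:
    """Expand a well-formed mask into named rights; malformed input is refused, not padded or truncated."""
    if not mask_is_valid(mask):
        raise ValueError(f"malformed FolderRights mask: {mask!r}")
    return frozenset(name for name, bit in zip(RIGHT_NAMES, mask) if bit == "1")


def query_params(url: str) -> dict:
    """Flatten the query string; repeated keys (VolIndex appears twice in the advisory URL) keep the first value."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


# --- 1. Privilege escalation: trusting FolderRights from the client ----------

def doclist_vulnerable(session: Session, url: str) -> frozenset:
    """Reported behaviour: the rights gating the folder view come from the request, so the client picks its own."""
    return parse_rights(query_params(url)["FolderRights"])


def doclist_hardened(session: Session, url: str) -> frozenset:
    """Ignore any FolderRights in the request; resolve rights from the ACL keyed by folder id and session user."""
    folder_id = int(query_params(url)["DocListFolderId"])
    return parse_rights(FOLDER_ACL.get((folder_id, session.user), "000000000"))


# --- 2. Direct object access: trusting UserIndex from the client -------------

def editprofile_vulnerable(session: Session, url: str) -> str:
    """Reported behaviour: whichever UserIndex the client sends is the profile that opens."""
    return USERS[int(query_params(url)["UserIndex"])]


def editprofile_hardened(session: Session, url: str) -> str:
    """Bind the object to the session: only the caller's own profile may be opened; any other UserIndex is refused."""
    requested = int(query_params(url).get("UserIndex", session.user_index))
    if requested != session.user_index:
        raise PermissionError(f"{session.user!r} may not edit profile {requested}")
    return USERS[requested]


def profile_access_allowed(session: Session, url: str) -> bool:
    """True if the hardened handler would serve the request, False if it refuses it."""
    try:
        editprofile_hardened(session, url)
        return True
    except PermissionError:
        return False


# ASSUMPTION: 'omnidocs.example' replaces the target host; paths and
# parameters are the ones listed in the advisory.
BASE = "http://omnidocs.example/omnidocs/doccab"
DOCLIST_URL = (BASE + "/doclist.jsp?DocListFolderId=927964&FolderType=G&FolderRights=010000000"
               "&FolderName=1234&FolderOwner=test&FolderLocation=G&FolderAccessType=I"
               "&ParentFolderIndex=100&FolderPathFlag=Y&Fetch=5&VolIndex=1&VolIndex=1")
TAMPERED_URL = DOCLIST_URL.replace("FolderRights=010000000", "FolderRights=111111111")
PROFILE_URL = BASE + "/userprofile/editprofile.jsp?UserIndex={}"

if __name__ == "__main__":
    s = Session(user="test", user_index=100)
    print("vulnerable, tampered mask:", sorted(doclist_vulnerable(s, TAMPERED_URL)))
    print("hardened,   tampered mask:", sorted(doclist_hardened(s, TAMPERED_URL)))
    print("vulnerable, UserIndex=102:", editprofile_vulnerable(s, PROFILE_URL.format(102)))
    print("hardened,   UserIndex=102:", profile_access_allowed(s, PROFILE_URL.format(102)))
```

The hardened handlers still accept the parameters, so existing links keep working; they simply stop treating FolderRights as authoritative and refuse a UserIndex that is not the session's own. Rejecting a malformed mask outright, rather than padding or truncating it, matters because a lenient parser is where bypasses of a later fix tend to hide.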
Timeline:
Notified vendor: 01-Sep-2011
No response received from vendor for 3 weeks
Public disclosure: 23-Sep-2011
Greetz to: 1] Nikhil Mittal |