标题: Multiple Vulnerability in "Omnidocs"
作者: Sohil Garg www.2cto.com
下载 地址: http://www.newgensoft.com/omnidocs.asp
影响版本: All
测试平台: Apache-Coyote/1.1
# CVE : CVE-2011-3645
"Omnidocs" 多个缺陷
产品描述:
OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and�
contents. Also integrates seamlessly with other enterprise applications.
缺陷:
------------------
�
1.缺陷类别
Privilege escalation
Affected URL:�
http://www.2cto.com /omnidocs/doccab/doclist. jsp ?DocListFolderId=927964&FolderType=G&FolderRights=010000000&FolderName=1234&FolderOwner=test&FolderLocation=G&Fold
erAccessType=I&ParentFolderIndex=100&FolderPathFlag=Y&Fetch=5&VolIndex=1&VolIndex=1
�
Vulnerable Parameter:�
FolderRights
示例
Omnidocs application does not validate 'FolderRights' parameter. This parameter could be modified to '111111111' to get full access including rights to add�
documents, add folders, delete folders and place orders.
2.缺陷类别
Direct Object Access
Sample URL:
http://www.2cto.com /omnidocs/doccab/userprofile/editprofile.jsp
Vulnerable Parameter:
UserIndex
示例:
Omnidocs application does not validate 'UserIndex' parameter. 'UserIndex' parameter is used to access the personal setting page. This parameter can be�
changed to other valid numbers thereby gaining access to view or change other user's personal settings.
Timeline:
Notified Vendor: 01-Sep-2011
No response received from vendor for 3 weeks
Public Disclosure: 23-Sep-2011
Greetz to:
1] Nikhil Mittal
查看更多关于Omnidocs多个缺陷及修复 - 网站安全 - 自学php的详细内容...