Skip to content

Instantly share code, notes, and snippets.

Andrey B. Panfilov andreybpanfilov

Block or report user

Report or block andreybpanfilov

Hide content and notifications from this user.

Learn more about blocking users

Contact Support about this user’s behavior.

Learn more about reporting abuse

Report abuse
View GitHub Profile
@andreybpanfilov
andreybpanfilov / d2.html
Created Jan 5, 2018
View d2.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Hello, World!</title>
</head>
<body>
<input type='button' value='Test D2' onclick='exec()'>
@andreybpanfilov
andreybpanfilov / CVE-2017-15276.py
Last active Oct 12, 2017
View CVE-2017-15276.py
#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# contains following design gap, which allows authenticated user to gain privileges
# of superuser:
#
# Content Server allows to upload content using batches (TAR archives), when unpacking
# TAR archives Content Server fails to verify contents of TAR archive which
# causes path traversal vulnerability via symlinks, because some files on Content Server
# filesystem are security-sensitive the security flaw described above leads to
@andreybpanfilov
andreybpanfilov / AuthenticationServiceCustom.java
Created Oct 1, 2017
View AuthenticationServiceCustom.java
package com.documentum.web.formext.session;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import com.documentum.fc.client.IDfSession;
import com.documentum.fc.client.IDfSessionManager;
import com.documentum.fc.common.DfException;
import com.documentum.fc.common.DfLoginInfo;
import com.documentum.fc.common.IDfLoginInfo;
@andreybpanfilov
andreybpanfilov / CVE-2017-15012.py
Last active Oct 4, 2017
View CVE-2017-15012.py
#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# does not properly validate input of PUT_FILE RPC-command which allows any
# authenticated user to hijack arbitrary file from Content Server filesystem,
# because some files on Content Server filesystem are security-sensitive
# the security flaw described above leads to privilege escalation
#
# The PoC below demonstrates this vulnerability:
#
@andreybpanfilov
andreybpanfilov / CVE-2017-15013.py
Last active Oct 22, 2018
View CVE-2017-15013.py
#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# contains following design gap, which allows authenticated user to gain privileges
# of superuser:
#
# Content Server stores information about uploaded files in dmr_content objects,
# which are queryable and "editable" (before release 7.2P02 any authenticated user
# was able to edit dmr_content objects, now any authenticated user may delete
# dmr_content object and them create new one with the old identifier) by
@andreybpanfilov
andreybpanfilov / CVE-2017-15014.py
Last active Oct 4, 2017
View CVE-2017-15014.py
#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# contains following design gap, which allows authenticated user to download arbitrary
# content files regardless attacker's repository permissions:
#
# when authenticated user upload content to repository he performs following steps:
# - calls START_PUSH RPC-command
# - uploads file to content server
# - calls END_PUSH_V2 RPC-command, here Content Server returns DATA_TICKET,
@andreybpanfilov
andreybpanfilov / JmeterCreateUCFSession.groovy
Last active Sep 29, 2017
View JmeterCreateUCFSession.groovy
import com.documentum.ucf.client.ClientFactory
import com.documentum.ucf.client.transport.IClientRequest
import com.documentum.ucf.client.transport.IRequestHandler
import com.documentum.ucf.client.transport.IResultPackage
import com.documentum.ucf.client.transport.impl.BaseResultPackage
import com.documentum.ucf.client.transport.impl.ClientSession
import com.documentum.ucf.client.transport.impl.RequestProcessor
import com.documentum.ucf.client.transport.requesthandlers.spi.BaseRequestHandler
import com.documentum.ucf.client.transport.requesthandlers.spi.RequestHandlerMismatchException
import com.documentum.ucf.common.UCFMessageCodes
@andreybpanfilov
andreybpanfilov / ZipFileTest.java
Last active Jul 26, 2017
View ZipFileTest.java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.Enumeration;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;
public class ZipFileTest {
@andreybpanfilov
andreybpanfilov / FixBofFile.java
Created Jul 25, 2017
View FixBofFile.java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.JarURLConnection;
import java.net.URL;
import java.util.Enumeration;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;
@andreybpanfilov
andreybpanfilov / ConnectionsTest.java
Created May 10, 2017
View ConnectionsTest.java
package pro.documentum.util;
import java.util.ArrayList;
import java.util.List;
import org.junit.Test;
import com.documentum.fc.client.IDfQuery;
import com.documentum.fc.client.IDfSession;
import com.documentum.fc.common.DfException;
You can’t perform that action at this time.