
Andrey B. Panfilov andreybpanfilov

View d2.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Hello, World!</title>
</head>
<body>
<input type='button' value='Test D2' onclick='exec()'>
View CVE-2017-15276.py
#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# contains the following design gap, which allows an authenticated user to gain privileges
# of superuser:
#
# Content Server allows uploading content in batches (TAR archives). When unpacking
# TAR archives, Content Server fails to verify the contents of the archive, which
# causes a path traversal vulnerability via symlinks. Because some files on the Content Server
# filesystem are security-sensitive, the security flaw described above leads to
View AuthenticationServiceCustom.java
package com.documentum.web.formext.session;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import com.documentum.fc.client.IDfSession;
import com.documentum.fc.client.IDfSessionManager;
import com.documentum.fc.common.DfException;
import com.documentum.fc.common.DfLoginInfo;
import com.documentum.fc.common.IDfLoginInfo;
View CVE-2017-15012.py
#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# does not properly validate the input of the PUT_FILE RPC command, which allows any
# authenticated user to hijack an arbitrary file from the Content Server filesystem.
# Because some files on the Content Server filesystem are security-sensitive,
# the security flaw described above leads to privilege escalation
#
# The PoC below demonstrates this vulnerability:
#
View CVE-2017-15013.py
#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# contains the following design gap, which allows an authenticated user to gain privileges
# of superuser:
#
# Content Server stores information about uploaded files in dmr_content objects,
# which are queryable and "editable" (before release 7.2P02 any authenticated user
# was able to edit dmr_content objects, now any authenticated user may delete
# a dmr_content object and then create a new one with the old identifier) by
View CVE-2017-15014.py
#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# contains the following design gap, which allows an authenticated user to download arbitrary
# content files regardless of the attacker's repository permissions:
#
# when an authenticated user uploads content to the repository, he performs the following steps:
# - calls START_PUSH RPC-command
# - uploads file to content server
# - calls END_PUSH_V2 RPC-command, here Content Server returns DATA_TICKET,
View JmeterCreateUCFSession.groovy
import com.documentum.ucf.client.ClientFactory
import com.documentum.ucf.client.transport.IClientRequest
import com.documentum.ucf.client.transport.IRequestHandler
import com.documentum.ucf.client.transport.IResultPackage
import com.documentum.ucf.client.transport.impl.BaseResultPackage
import com.documentum.ucf.client.transport.impl.ClientSession
import com.documentum.ucf.client.transport.impl.RequestProcessor
import com.documentum.ucf.client.transport.requesthandlers.spi.BaseRequestHandler
import com.documentum.ucf.client.transport.requesthandlers.spi.RequestHandlerMismatchException
import com.documentum.ucf.common.UCFMessageCodes
View ZipFileTest.java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.Enumeration;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;
public class ZipFileTest {
View FixBofFile.java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.JarURLConnection;
import java.net.URL;
import java.util.Enumeration;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;
View ConnectionsTest.java
package pro.documentum.util;
import java.util.ArrayList;
import java.util.List;
import org.junit.Test;
import com.documentum.fc.client.IDfQuery;
import com.documentum.fc.client.IDfSession;
import com.documentum.fc.common.DfException;