
View d2.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Hello, World!</title>
</head>
<body>
<input type='button' value='Test D2' onclick='exec()'>
View CVE-2017-15276.py
#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# contains the following design gap, which allows an authenticated user to gain the
# privileges of a superuser:
#
# Content Server allows content to be uploaded in batches (TAR archives). When unpacking
# a TAR archive, Content Server fails to verify the archive's contents, which
# causes a path traversal vulnerability via symlinks. Because some files on the Content Server
# filesystem are security-sensitive, the security flaw described above leads to
View AuthenticationServiceCustom.java
package com.documentum.web.formext.session;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import com.documentum.fc.client.IDfSession;
import com.documentum.fc.client.IDfSessionManager;
import com.documentum.fc.common.DfException;
import com.documentum.fc.common.DfLoginInfo;
import com.documentum.fc.common.IDfLoginInfo;
View CVE-2017-15012.py
#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# does not properly validate the input of the PUT_FILE RPC command, which allows any
# authenticated user to hijack an arbitrary file from the Content Server filesystem.
# Because some files on the Content Server filesystem are security-sensitive,
# the security flaw described above leads to privilege escalation.
#
# The PoC below demonstrates this vulnerability:
#
View CVE-2017-15013.py
#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# contains the following design gap, which allows an authenticated user to gain the
# privileges of a superuser:
#
# Content Server stores information about uploaded files in dmr_content objects,
# which are queryable and "editable" (before release 7.2P02 any authenticated user
# was able to edit dmr_content objects; now any authenticated user may delete
# a dmr_content object and then create a new one with the old identifier) by
View CVE-2017-15014.py
#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# contains the following design gap, which allows an authenticated user to download arbitrary
# content files regardless of the attacker's repository permissions:
#
# when an authenticated user uploads content to the repository, they perform the following steps:
# - calls START_PUSH RPC-command
# - uploads file to content server
# - calls END_PUSH_V2 RPC-command, here Content Server returns DATA_TICKET,
View JmeterCreateUCFSession.groovy
import com.documentum.ucf.client.ClientFactory
import com.documentum.ucf.client.transport.IClientRequest
import com.documentum.ucf.client.transport.IRequestHandler
import com.documentum.ucf.client.transport.IResultPackage
import com.documentum.ucf.client.transport.impl.BaseResultPackage
import com.documentum.ucf.client.transport.impl.ClientSession
import com.documentum.ucf.client.transport.impl.RequestProcessor
import com.documentum.ucf.client.transport.requesthandlers.spi.BaseRequestHandler
import com.documentum.ucf.client.transport.requesthandlers.spi.RequestHandlerMismatchException
import com.documentum.ucf.common.UCFMessageCodes
View ZipFileTest.java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.Enumeration;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;
public class ZipFileTest {
View FixBofFile.java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.JarURLConnection;
import java.net.URL;
import java.util.Enumeration;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;
View ConnectionsTest.java
package pro.documentum.util;
import java.util.ArrayList;
import java.util.List;
import org.junit.Test;
import com.documentum.fc.client.IDfQuery;
import com.documentum.fc.client.IDfSession;
import com.documentum.fc.common.DfException;