Andrey B. Panfilov andreybpanfilov
andreybpanfilov
/ sequence2documentum.sql
Last active Sep 23, 2020
View sequence2documentum.sql
| create or replace function get_object_part(p_galactic bigint) returns varchar | |
| language plpgsql | |
| as | |
| $$ | |
| declare | |
| v_chars varchar array default array [ | |
| '0', '1', '2', '3', '4', '5', '6', '7', | |
| '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', | |
| 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', | |
| 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', |
andreybpanfilov
/ d2.html
Created Jan 5, 2018
View d2.html
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="UTF-8"> | |
| <title>Hello, World!</title> | |
| </head> | |
| <body> | |
| <input type='button' value='Test D2' onclick='exec()'> |
andreybpanfilov
/ CVE-2017-15276.py
Last active Oct 12, 2017
View CVE-2017-15276.py
| #!/usr/bin/env python | |
| # Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) | |
| # contains following design gap, which allows authenticated user to gain privileges | |
| # of superuser: | |
| # | |
| # Content Server allows to upload content using batches (TAR archives), when unpacking | |
| # TAR archives Content Server fails to verify contents of TAR archive which | |
| # causes path traversal vulnerability via symlinks, because some files on Content Server | |
| # filesystem are security-sensitive the security flaw described above leads to |
andreybpanfilov
/ AuthenticationServiceCustom.java
Created Oct 1, 2017
View AuthenticationServiceCustom.java
| package com.documentum.web.formext.session; | |
| import javax.servlet.http.HttpServletRequest; | |
| import javax.servlet.http.HttpSession; | |
| import com.documentum.fc.client.IDfSession; | |
| import com.documentum.fc.client.IDfSessionManager; | |
| import com.documentum.fc.common.DfException; | |
| import com.documentum.fc.common.DfLoginInfo; | |
| import com.documentum.fc.common.IDfLoginInfo; |
andreybpanfilov
/ CVE-2017-15012.py
Last active Oct 4, 2017
View CVE-2017-15012.py
| #!/usr/bin/env python | |
| # Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) | |
| # does not properly validate input of PUT_FILE RPC-command which allows any | |
| # authenticated user to hijack arbitrary file from Content Server filesystem, | |
| # because some files on Content Server filesystem are security-sensitive | |
| # the security flaw described above leads to privilege escalation | |
| # | |
| # The PoC below demonstrates this vulnerability: | |
| # |
andreybpanfilov
/ CVE-2017-15013.py
Last active Oct 22, 2018
View CVE-2017-15013.py
| #!/usr/bin/env python | |
| # Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) | |
| # contains following design gap, which allows authenticated user to gain privileges | |
| # of superuser: | |
| # | |
| # Content Server stores information about uploaded files in dmr_content objects, | |
| # which are queryable and "editable" (before release 7.2P02 any authenticated user | |
| # was able to edit dmr_content objects, now any authenticated user may delete | |
| # dmr_content object and them create new one with the old identifier) by |
andreybpanfilov
/ CVE-2017-15014.py
Last active Oct 4, 2017
View CVE-2017-15014.py
| #!/usr/bin/env python | |
| # Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) | |
| # contains following design gap, which allows authenticated user to download arbitrary | |
| # content files regardless attacker's repository permissions: | |
| # | |
| # when authenticated user upload content to repository he performs following steps: | |
| # - calls START_PUSH RPC-command | |
| # - uploads file to content server | |
| # - calls END_PUSH_V2 RPC-command, here Content Server returns DATA_TICKET, |
andreybpanfilov
/ JmeterCreateUCFSession.groovy
Last active Sep 29, 2017
View JmeterCreateUCFSession.groovy
| import com.documentum.ucf.client.ClientFactory | |
| import com.documentum.ucf.client.transport.IClientRequest | |
| import com.documentum.ucf.client.transport.IRequestHandler | |
| import com.documentum.ucf.client.transport.IResultPackage | |
| import com.documentum.ucf.client.transport.impl.BaseResultPackage | |
| import com.documentum.ucf.client.transport.impl.ClientSession | |
| import com.documentum.ucf.client.transport.impl.RequestProcessor | |
| import com.documentum.ucf.client.transport.requesthandlers.spi.BaseRequestHandler | |
| import com.documentum.ucf.client.transport.requesthandlers.spi.RequestHandlerMismatchException | |
| import com.documentum.ucf.common.UCFMessageCodes |
andreybpanfilov
/ ZipFileTest.java
Last active Jul 26, 2017
View ZipFileTest.java
| import java.io.File; | |
| import java.io.FileOutputStream; | |
| import java.io.IOException; | |
| import java.util.Enumeration; | |
| import java.util.zip.ZipEntry; | |
| import java.util.zip.ZipFile; | |
| import java.util.zip.ZipOutputStream; | |
| public class ZipFileTest { |
andreybpanfilov
/ FixBofFile.java
Created Jul 25, 2017
View FixBofFile.java
| import java.io.File; | |
| import java.io.FileOutputStream; | |
| import java.io.IOException; | |
| import java.io.InputStream; | |
| import java.net.JarURLConnection; | |
| import java.net.URL; | |
| import java.util.Enumeration; | |
| import java.util.zip.ZipEntry; | |
| import java.util.zip.ZipFile; | |
| import java.util.zip.ZipOutputStream; |
NewerOlder