Skip to content

Instantly share code, notes, and snippets.

View sequence2documentum.sql
create or replace function get_object_part(p_galactic bigint) returns varchar
language plpgsql
as
$$
declare
v_chars varchar array default array [
'0', '1', '2', '3', '4', '5', '6', '7',
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f',
'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n',
'o', 'p', 'q', 'r', 's', 't', 'u', 'v',
View d2.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Hello, World!</title>
</head>
<body>
<input type='button' value='Test D2' onclick='exec()'>
View CVE-2017-15276.py
#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# contains following design gap, which allows authenticated user to gain privileges
# of superuser:
#
# Content Server allows to upload content using batches (TAR archives), when unpacking
# TAR archives Content Server fails to verify contents of TAR archive which
# causes path traversal vulnerability via symlinks, because some files on Content Server
# filesystem are security-sensitive the security flaw described above leads to
View AuthenticationServiceCustom.java
package com.documentum.web.formext.session;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import com.documentum.fc.client.IDfSession;
import com.documentum.fc.client.IDfSessionManager;
import com.documentum.fc.common.DfException;
import com.documentum.fc.common.DfLoginInfo;
import com.documentum.fc.common.IDfLoginInfo;
View CVE-2017-15012.py
#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# does not properly validate input of PUT_FILE RPC-command which allows any
# authenticated user to hijack arbitrary file from Content Server filesystem,
# because some files on Content Server filesystem are security-sensitive
# the security flaw described above leads to privilege escalation
#
# The PoC below demonstrates this vulnerability:
#
View CVE-2017-15013.py
#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# contains following design gap, which allows authenticated user to gain privileges
# of superuser:
#
# Content Server stores information about uploaded files in dmr_content objects,
# which are queryable and "editable" (before release 7.2P02 any authenticated user
# was able to edit dmr_content objects, now any authenticated user may delete
# dmr_content object and them create new one with the old identifier) by
View CVE-2017-15014.py
#!/usr/bin/env python
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# contains following design gap, which allows authenticated user to download arbitrary
# content files regardless attacker's repository permissions:
#
# when authenticated user upload content to repository he performs following steps:
# - calls START_PUSH RPC-command
# - uploads file to content server
# - calls END_PUSH_V2 RPC-command, here Content Server returns DATA_TICKET,
View JmeterCreateUCFSession.groovy
import com.documentum.ucf.client.ClientFactory
import com.documentum.ucf.client.transport.IClientRequest
import com.documentum.ucf.client.transport.IRequestHandler
import com.documentum.ucf.client.transport.IResultPackage
import com.documentum.ucf.client.transport.impl.BaseResultPackage
import com.documentum.ucf.client.transport.impl.ClientSession
import com.documentum.ucf.client.transport.impl.RequestProcessor
import com.documentum.ucf.client.transport.requesthandlers.spi.BaseRequestHandler
import com.documentum.ucf.client.transport.requesthandlers.spi.RequestHandlerMismatchException
import com.documentum.ucf.common.UCFMessageCodes
View ZipFileTest.java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.Enumeration;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;
public class ZipFileTest {
View FixBofFile.java
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.JarURLConnection;
import java.net.URL;
import java.util.Enumeration;
import java.util.zip.ZipEntry;
import java.util.zip.ZipFile;
import java.util.zip.ZipOutputStream;