View sequence2documentum.sql
create or replace function get_object_part(p_galactic bigint) returns varchar | |
language plpgsql | |
as | |
$$ | |
declare | |
v_chars varchar array default array [ | |
'0', '1', '2', '3', '4', '5', '6', '7', | |
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f', | |
'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', | |
'o', 'p', 'q', 'r', 's', 't', 'u', 'v', |
View d2.html
<!DOCTYPE html> | |
<html lang="en"> | |
<head> | |
<meta charset="UTF-8"> | |
<title>Hello, World!</title> | |
</head> | |
<body> | |
<input type='button' value='Test D2' onclick='exec()'> |
View CVE-2017-15276.py
#!/usr/bin/env python | |
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) | |
# contains the following design gap, which allows an authenticated user to gain superuser | |
# privileges: | |
# | |
# Content Server allows content to be uploaded in batches (TAR archives). When unpacking | |
# a TAR archive, Content Server fails to verify the archive's contents, which | |
# causes a path traversal vulnerability via symlinks. Because some files on the Content Server | |
# filesystem are security-sensitive, the security flaw described above leads to |
View AuthenticationServiceCustom.java
package com.documentum.web.formext.session; | |
import javax.servlet.http.HttpServletRequest; | |
import javax.servlet.http.HttpSession; | |
import com.documentum.fc.client.IDfSession; | |
import com.documentum.fc.client.IDfSessionManager; | |
import com.documentum.fc.common.DfException; | |
import com.documentum.fc.common.DfLoginInfo; | |
import com.documentum.fc.common.IDfLoginInfo; |
View CVE-2017-15012.py
#!/usr/bin/env python | |
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) | |
# does not properly validate the input of the PUT_FILE RPC-command, which allows any | |
# authenticated user to hijack an arbitrary file from the Content Server filesystem. | |
# Because some files on the Content Server filesystem are security-sensitive, | |
# the security flaw described above leads to privilege escalation. | |
# | |
# The PoC below demonstrates this vulnerability: | |
# |
View CVE-2017-15013.py
#!/usr/bin/env python | |
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) | |
# contains the following design gap, which allows an authenticated user to gain superuser | |
# privileges: | |
# | |
# Content Server stores information about uploaded files in dmr_content objects, | |
# which are queryable and "editable" (before release 7.2P02 any authenticated user | |
# was able to edit dmr_content objects; now any authenticated user may delete | |
# a dmr_content object and then create a new one with the old identifier) by |
View CVE-2017-15014.py
#!/usr/bin/env python | |
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) | |
# contains the following design gap, which allows an authenticated user to download arbitrary | |
# content files regardless of the attacker's repository permissions: | |
# | |
# when an authenticated user uploads content to the repository, they perform the following steps: | |
# - calls START_PUSH RPC-command | |
# - uploads file to content server | |
# - calls END_PUSH_V2 RPC-command, here Content Server returns DATA_TICKET, |
View JmeterCreateUCFSession.groovy
import com.documentum.ucf.client.ClientFactory | |
import com.documentum.ucf.client.transport.IClientRequest | |
import com.documentum.ucf.client.transport.IRequestHandler | |
import com.documentum.ucf.client.transport.IResultPackage | |
import com.documentum.ucf.client.transport.impl.BaseResultPackage | |
import com.documentum.ucf.client.transport.impl.ClientSession | |
import com.documentum.ucf.client.transport.impl.RequestProcessor | |
import com.documentum.ucf.client.transport.requesthandlers.spi.BaseRequestHandler | |
import com.documentum.ucf.client.transport.requesthandlers.spi.RequestHandlerMismatchException | |
import com.documentum.ucf.common.UCFMessageCodes |
View ZipFileTest.java
import java.io.File; | |
import java.io.FileOutputStream; | |
import java.io.IOException; | |
import java.util.Enumeration; | |
import java.util.zip.ZipEntry; | |
import java.util.zip.ZipFile; | |
import java.util.zip.ZipOutputStream; | |
public class ZipFileTest { |
View FixBofFile.java
import java.io.File; | |
import java.io.FileOutputStream; | |
import java.io.IOException; | |
import java.io.InputStream; | |
import java.net.JarURLConnection; | |
import java.net.URL; | |
import java.util.Enumeration; | |
import java.util.zip.ZipEntry; | |
import java.util.zip.ZipFile; | |
import java.util.zip.ZipOutputStream; |