Andrey B. Panfilov andreybpanfilov

## DocumentumD2AACBackDoorPoC.java
import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream;
import java.lang.reflect.Array;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationHandler;
import java.lang.reflect.Method;
import java.lang.reflect.Proxy;
import java.util.HashMap;
import java.util.Map;

## DmrContentBackDoorPoC.java
import java.io.ByteArrayOutputStream;

import com.documentum.com.DfClientX;
import com.documentum.fc.client.IDfMethodObject;
import com.documentum.fc.client.IDfSession;
import com.documentum.fc.client.IDfSysObject;
import com.documentum.fc.client.IDfUser;
import com.documentum.fc.client.content.IDfContent;
import com.documentum.fc.client.impl.connection.docbase.IDocbaseConnection;
import com.documentum.fc.client.impl.session.ISession;

## DocumentumWebtopCommonsBeanutilsPoC.java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.lang.reflect.Field;
import java.math.BigInteger;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.PriorityQueue;

## DfcHell.groovy
import com.documentum.com.DfClientX
import com.documentum.dmcl.impl.DmclApi
import com.documentum.fc.client.*
import com.documentum.fc.common.DfId
import com.documentum.fc.common.DfLoginInfo
import com.documentum.fc.common.DfPreferences
import com.documentum.fc.common.IDfAttr
import com.documentum.fc.impl.util.holders.IntHolder
import groovy.json.JsonOutput
import org.codehaus.groovy.tools.shell.Groovysh

## dfcdiagnostics.jsp
<%@ page import="java.io.ByteArrayOutputStream" %>
<%@ page import="java.io.OutputStreamWriter" %>
<%@ page import="java.io.PrintWriter" %>
<%@ page import="java.lang.reflect.Field" %>
<%@ page import="com.documentum.fc.common.DfPreferences" %>
<%@ page import="com.documentum.fc.common.DfRuntimeException" %>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>DFC Diagnostics</title>

## CVE20160914POC.java
import java.io.ObjectOutputStream;
import java.net.HttpURLConnection;
import java.net.URL;

import com.documentum.web.security.RandomIdCache;

/**
 * @author Andrey B. Panfilov <andrey@panfilov.tel>
 */
public class CVE20160914POC {

## DocumentumD2BeanShellPoc.java
import java.io.ByteArrayOutputStream;
import java.io.DataOutputStream;
import java.io.InputStream;
import java.io.ObjectOutputStream;
import java.lang.reflect.Constructor;
import java.lang.reflect.Field;
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.ArrayList;
import java.util.Comparator;

## DM_NONQUALIFIABLE.sql
CREATE OR REPLACE PACKAGE DM_NONQUALIFIABLE
AS
   FUNCTION READ_VALUE (p_object_id   IN VARCHAR2,
                        p_type_name   IN VARCHAR2,
                        p_attr_name   IN VARCHAR2)
      RETURN CLOB;

   FUNCTION READ_VALUE (p_property_bag   IN BLOB,
                        p_attribute_id   IN INTEGER,
                        p_object_id      IN VARCHAR2,

## threaddump.jsp
<%@page import="java.io.IOException" %>
<%@page import="java.io.PrintWriter" %>
<%@page import="java.lang.management.LockInfo" %>
<%@page import="java.lang.management.ManagementFactory" %>
<%@page import="java.lang.management.MonitorInfo" %>
<%@ page import="java.lang.management.ThreadInfo" %>
<%@ page import="java.lang.management.ThreadMXBean" %>
<%@ page import="java.util.ArrayList" %>
<%@ page import="java.util.Collections" %>
<%@ page import="java.util.List" %>

## dfcsessions.jsp
<%@ page import="java.lang.management.LockInfo" %>
<%@ page import="java.lang.management.ManagementFactory" %>
<%@ page import="java.lang.management.MonitorInfo" %>
<%@ page import="java.lang.management.ThreadInfo" %>
<%@ page import="java.lang.management.ThreadMXBean" %>
<%@ page import="java.lang.reflect.Field" %>
<%@ page import="java.net.Socket" %>
<%@ page import="java.util.Collection" %>
<%@ page import="com.documentum.fc.client.impl.connection.docbase.IDocbaseConnection" %>
<%@ page import="com.documentum.fc.client.impl.connection.docbase.IDocbaseRpcClient" %>
	import java.io.ByteArrayOutputStream;
	import java.io.ObjectOutputStream;
	import java.lang.reflect.Array;
	import java.lang.reflect.Field;
	import java.lang.reflect.InvocationHandler;
	import java.lang.reflect.Method;
	import java.lang.reflect.Proxy;
	import java.util.HashMap;
	import java.util.Map;
	import java.io.ByteArrayOutputStream;

	import com.documentum.com.DfClientX;
	import com.documentum.fc.client.IDfMethodObject;
	import com.documentum.fc.client.IDfSession;
	import com.documentum.fc.client.IDfSysObject;
	import com.documentum.fc.client.IDfUser;
	import com.documentum.fc.client.content.IDfContent;
	import com.documentum.fc.client.impl.connection.docbase.IDocbaseConnection;
	import com.documentum.fc.client.impl.session.ISession;
	import java.io.ByteArrayOutputStream;
	import java.io.IOException;
	import java.io.InputStream;
	import java.io.ObjectOutputStream;
	import java.io.Serializable;
	import java.lang.reflect.Field;
	import java.math.BigInteger;
	import java.net.HttpURLConnection;
	import java.net.URL;
	import java.util.PriorityQueue;
	import com.documentum.com.DfClientX
	import com.documentum.dmcl.impl.DmclApi
	import com.documentum.fc.client.*
	import com.documentum.fc.common.DfId
	import com.documentum.fc.common.DfLoginInfo
	import com.documentum.fc.common.DfPreferences
	import com.documentum.fc.common.IDfAttr
	import com.documentum.fc.impl.util.holders.IntHolder
	import groovy.json.JsonOutput
	import org.codehaus.groovy.tools.shell.Groovysh
	<%@ page import="java.io.ByteArrayOutputStream" %>
	<%@ page import="java.io.OutputStreamWriter" %>
	<%@ page import="java.io.PrintWriter" %>
	<%@ page import="java.lang.reflect.Field" %>
	<%@ page import="com.documentum.fc.common.DfPreferences" %>
	<%@ page import="com.documentum.fc.common.DfRuntimeException" %>
	<%@ page contentType="text/html;charset=UTF-8" language="java" %>
	<html>
	<head>
	<title>DFC Diagnostics</title>
	import java.io.ByteArrayOutputStream;
	import java.io.DataOutputStream;
	import java.io.InputStream;
	import java.io.ObjectOutputStream;
	import java.lang.reflect.Constructor;
	import java.lang.reflect.Field;
	import java.net.HttpURLConnection;
	import java.net.URL;
	import java.util.ArrayList;
	import java.util.Comparator;
	CREATE OR REPLACE PACKAGE DM_NONQUALIFIABLE
	AS
	FUNCTION READ_VALUE (p_object_id IN VARCHAR2,
	p_type_name IN VARCHAR2,
	p_attr_name IN VARCHAR2)
	RETURN CLOB;

	FUNCTION READ_VALUE (p_property_bag IN BLOB,
	p_attribute_id IN INTEGER,
	p_object_id IN VARCHAR2,
	<%@page import="java.io.IOException" %>
	<%@page import="java.io.PrintWriter" %>
	<%@page import="java.lang.management.LockInfo" %>
	<%@page import="java.lang.management.ManagementFactory" %>
	<%@page import="java.lang.management.MonitorInfo" %>
	<%@ page import="java.lang.management.ThreadInfo" %>
	<%@ page import="java.lang.management.ThreadMXBean" %>
	<%@ page import="java.util.ArrayList" %>
	<%@ page import="java.util.Collections" %>
	<%@ page import="java.util.List" %>
	<%@ page import="java.lang.management.LockInfo" %>
	<%@ page import="java.lang.management.ManagementFactory" %>
	<%@ page import="java.lang.management.MonitorInfo" %>
	<%@ page import="java.lang.management.ThreadInfo" %>
	<%@ page import="java.lang.management.ThreadMXBean" %>
	<%@ page import="java.lang.reflect.Field" %>
	<%@ page import="java.net.Socket" %>
	<%@ page import="java.util.Collection" %>
	<%@ page import="com.documentum.fc.client.impl.connection.docbase.IDocbaseConnection" %>
	<%@ page import="com.documentum.fc.client.impl.connection.docbase.IDocbaseRpcClient" %>