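# Build stage: compiles and packages the application with the Maven wrapper on a JDK image.
# NOTE(review): the base image is referenced by tag only. A tag can be re-pushed upstream,
# so pin the image by digest as well if reproducible builds are required.
FROM eclipse-temurin:18.0.2.1_1-jdk-focal AS builder
# Application directory; used as the working directory for every following step.
ENV APP=/home/meapi/app
WORKDIR $APP
# Copy only the wrapper files and the POM first, so the dependency layer below is
# rebuilt when the build definition changes and not on every source edit.
COPY .mvn .mvn
COPY ./mvnw pom.xml ./
# Resolve dependencies and plugins up front in batch mode (-B). The plugin is pinned to
# an exact version, and this is the only Maven invocation in this stage without -o.
RUN ./mvnw -B de.qaware.maven:go-offline-maven-plugin:1.2.8:resolve-dependencies
COPY src src
# Package in offline mode (-o) against the dependencies resolved above.
# -DskipTests skips test execution here, so tests have to run elsewhere in the pipeline.
RUN ./mvnw -o package -DskipTests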
FROM eclipse-temurin:18.0.2.1_1-jre-focal as dev |
create or replace function get_object_part(p_galactic bigint) returns varchar | |
language plpgsql | |
as | |
$$ | |
declare | |
v_chars varchar array default array [ | |
'0', '1', '2', '3', '4', '5', '6', '7', | |
'8', '9', 'a', 'b', 'c', 'd', 'e', 'f', | |
'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', | |
'o', 'p', 'q', 'r', 's', 't', 'u', 'v', |
<!DOCTYPE html> | |
<html lang="en"> | |
<head> | |
<meta charset="UTF-8"> | |
<title>Hello, World!</title> | |
</head> | |
<body> | |
<input type='button' value='Test D2' onclick='exec()'> |
#!/usr/bin/env python | |
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# contains the following design gap, which allows an authenticated user to gain the
# privileges of a superuser:
#
# Content Server allows content to be uploaded in batches (TAR archives). When unpacking
# a TAR archive, Content Server fails to verify the contents of the archive, which
# causes a path traversal vulnerability via symlinks. Because some files on the Content Server
# filesystem are security-sensitive, the security flaw described above leads to
package com.documentum.web.formext.session; | |
import javax.servlet.http.HttpServletRequest; | |
import javax.servlet.http.HttpSession; | |
import com.documentum.fc.client.IDfSession; | |
import com.documentum.fc.client.IDfSessionManager; | |
import com.documentum.fc.common.DfException; | |
import com.documentum.fc.common.DfLoginInfo; | |
import com.documentum.fc.common.IDfLoginInfo; |
#!/usr/bin/env python | |
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# does not properly validate the input of the PUT_FILE RPC-command, which allows any
# authenticated user to hijack an arbitrary file from the Content Server filesystem.
# Because some files on the Content Server filesystem are security-sensitive,
# the security flaw described above leads to privilege escalation.
#
# The PoC below demonstrates this vulnerability:
#
#!/usr/bin/env python | |
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# contains the following design gap, which allows an authenticated user to gain the
# privileges of a superuser:
#
# Content Server stores information about uploaded files in dmr_content objects,
# which are queryable and "editable" (before release 7.2P02 any authenticated user
# was able to edit dmr_content objects; now any authenticated user may delete a
# dmr_content object and then create a new one with the old identifier) by
#!/usr/bin/env python | |
# Opentext Documentum Content Server (formerly known as EMC Documentum Content Server)
# contains the following design gap, which allows an authenticated user to download arbitrary
# content files regardless of the attacker's repository permissions:
#
# when an authenticated user uploads content to the repository, the user performs the following steps:
# - calls START_PUSH RPC-command
# - uploads file to content server
# - calls END_PUSH_V2 RPC-command, here Content Server returns DATA_TICKET,
import com.documentum.ucf.client.ClientFactory | |
import com.documentum.ucf.client.transport.IClientRequest | |
import com.documentum.ucf.client.transport.IRequestHandler | |
import com.documentum.ucf.client.transport.IResultPackage | |
import com.documentum.ucf.client.transport.impl.BaseResultPackage | |
import com.documentum.ucf.client.transport.impl.ClientSession | |
import com.documentum.ucf.client.transport.impl.RequestProcessor | |
import com.documentum.ucf.client.transport.requesthandlers.spi.BaseRequestHandler | |
import com.documentum.ucf.client.transport.requesthandlers.spi.RequestHandlerMismatchException | |
import com.documentum.ucf.common.UCFMessageCodes |
import java.io.File; | |
import java.io.FileOutputStream; | |
import java.io.IOException; | |
import java.util.Enumeration; | |
import java.util.zip.ZipEntry; | |
import java.util.zip.ZipFile; | |
import java.util.zip.ZipOutputStream; | |
public class ZipFileTest { |