Andrey B. Panfilov andreybpanfilov
andreybpanfilov
/ Dockerfile
Last active
September 14, 2022 02:27
Unable to download Java dependencies with Dockerfile
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM eclipse-temurin:18.0.2.1_1-jdk-focal AS builder | |
| ENV APP=/home/meapi/app | |
| WORKDIR $APP | |
| COPY .mvn .mvn | |
| COPY ./mvnw pom.xml ./ | |
| RUN ./mvnw -B de.qaware.maven:go-offline-maven-plugin:1.2.8:resolve-dependencies | |
| COPY src src | |
| RUN ./mvnw -o package -DskipTests | |
| FROM eclipse-temurin:18.0.2.1_1-jre-focal as dev |
andreybpanfilov
/ sequence2documentum.sql
Last active
September 23, 2020 20:24
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| create or replace function get_object_part(p_galactic bigint) returns varchar | |
| language plpgsql | |
| as | |
| $$ | |
| declare | |
| v_chars varchar array default array [ | |
| '0', '1', '2', '3', '4', '5', '6', '7', | |
| '8', '9', 'a', 'b', 'c', 'd', 'e', 'f', | |
| 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', | |
| 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', |
andreybpanfilov
/ d2.html
Created
January 5, 2018 16:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html lang="en"> | |
| <head> | |
| <meta charset="UTF-8"> | |
| <title>Hello, World!</title> | |
| </head> | |
| <body> | |
| <input type='button' value='Test D2' onclick='exec()'> |
andreybpanfilov
/ CVE-2017-15276.py
Last active
October 12, 2017 02:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) | |
| # contains following design gap, which allows authenticated user to gain privileges | |
| # of superuser: | |
| # | |
| # Content Server allows to upload content using batches (TAR archives), when unpacking | |
| # TAR archives Content Server fails to verify contents of TAR archive which | |
| # causes path traversal vulnerability via symlinks, because some files on Content Server | |
| # filesystem are security-sensitive the security flaw described above leads to |
andreybpanfilov
/ AuthenticationServiceCustom.java
Created
October 1, 2017 16:51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package com.documentum.web.formext.session; | |
| import javax.servlet.http.HttpServletRequest; | |
| import javax.servlet.http.HttpSession; | |
| import com.documentum.fc.client.IDfSession; | |
| import com.documentum.fc.client.IDfSessionManager; | |
| import com.documentum.fc.common.DfException; | |
| import com.documentum.fc.common.DfLoginInfo; | |
| import com.documentum.fc.common.IDfLoginInfo; |
andreybpanfilov
/ CVE-2017-15012.py
Last active
October 4, 2017 03:11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) | |
| # does not properly validate input of PUT_FILE RPC-command which allows any | |
| # authenticated user to hijack arbitrary file from Content Server filesystem, | |
| # because some files on Content Server filesystem are security-sensitive | |
| # the security flaw described above leads to privilege escalation | |
| # | |
| # The PoC below demonstrates this vulnerability: | |
| # |
andreybpanfilov
/ CVE-2017-15013.py
Last active
October 22, 2018 04:39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) | |
| # contains following design gap, which allows authenticated user to gain privileges | |
| # of superuser: | |
| # | |
| # Content Server stores information about uploaded files in dmr_content objects, | |
| # which are queryable and "editable" (before release 7.2P02 any authenticated user | |
| # was able to edit dmr_content objects, now any authenticated user may delete | |
| # dmr_content object and them create new one with the old identifier) by |
andreybpanfilov
/ CVE-2017-15014.py
Last active
October 4, 2017 03:32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env python | |
| # Opentext Documentum Content Server (formerly known as EMC Documentum Content Server) | |
| # contains following design gap, which allows authenticated user to download arbitrary | |
| # content files regardless attacker's repository permissions: | |
| # | |
| # when authenticated user upload content to repository he performs following steps: | |
| # - calls START_PUSH RPC-command | |
| # - uploads file to content server | |
| # - calls END_PUSH_V2 RPC-command, here Content Server returns DATA_TICKET, |
andreybpanfilov
/ JmeterCreateUCFSession.groovy
Last active
September 29, 2017 19:19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import com.documentum.ucf.client.ClientFactory | |
| import com.documentum.ucf.client.transport.IClientRequest | |
| import com.documentum.ucf.client.transport.IRequestHandler | |
| import com.documentum.ucf.client.transport.IResultPackage | |
| import com.documentum.ucf.client.transport.impl.BaseResultPackage | |
| import com.documentum.ucf.client.transport.impl.ClientSession | |
| import com.documentum.ucf.client.transport.impl.RequestProcessor | |
| import com.documentum.ucf.client.transport.requesthandlers.spi.BaseRequestHandler | |
| import com.documentum.ucf.client.transport.requesthandlers.spi.RequestHandlerMismatchException | |
| import com.documentum.ucf.common.UCFMessageCodes |
andreybpanfilov
/ ZipFileTest.java
Last active
July 26, 2017 04:45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import java.io.File; | |
| import java.io.FileOutputStream; | |
| import java.io.IOException; | |
| import java.util.Enumeration; | |
| import java.util.zip.ZipEntry; | |
| import java.util.zip.ZipFile; | |
| import java.util.zip.ZipOutputStream; | |
| public class ZipFileTest { |
NewerOlder