0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

OpenText Documentum Administrator / Webtop XXE Injection Vulnerability

Author

Jakub Palaczynski

Risk

[

Security Risk Medium

]

0day-ID

0day-ID-28639

Category

web applications

Date add

27-09-2017

CVE

CVE-2017-14526
CVE-2017-14527

Platform

java

Title: OpenText Documentum Administrator and Webtop - XML External
Entity Injection
Author: Jakub Palaczynski, Pawel Gocyla
Date: 24. September 2017
CVE (Administrator): CVE-2017-14526
CVE (Webtop): CVE-2017-14527

Affected software:
==================
Documentum Administrator
Documentum Webtop

Exploit was tested on:
======================
Documentum Administrator version 7.2.0180.0055
Documentum Webtop version 6.8.0160.0073
Other versions may also be vulnerable.

XML External Entity Injection - 4 instances:
============================================

Please note that examples below are for Documentum Administrator, but
the same exploitation takes place in Webtop.
This vulnerability allows for:
- listing directories and retrieving content of files from the filesystem
- stealing hashes of user that runs Documentum (if installed on Windows)
- DoS

1. Instance 1 and 2:
Authenticated users can exploit XXE vulnerability by browsing "Tools >
Preferences". It generates request to
/xda/com/documentum/ucf/server/transport/impl/GAIRConnector which
contains two XML structures. Both accept DTD and parse it which allows
exploitation.

2. Instance 3:
Authenticated users can exploit XXE vulnerability by using "File >
Import". Users can import XML files and use "MediaProfile" to open
file which triggers vulnerability.

3. Instance 4:
Authenticated users can exploit XXE vulnerability by using "File >
Check In". Users can use XML check in file and use "MediaProfile" to
open it which triggers vulnerability.

Fix:
====
https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774

Contact:
========
Jakub[dot]Palaczynski[at]gmail[dot]com
pawellgocyla[at]gmail[dot]com


#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

OpenText Documentum Administrator / Webtop XXE Injection Vulnerability

Report Error

Report Error