OpenText Documentum Content Server SQL Injection

Posted by deepcore on April 26, 2017 – 7:39 am

OpenText Documentum Content Server has an inadequate protection mechanism against SQL injection, which allows remote authenticated users to execute arbitrary code with super-user privileges by leveraging the availability of the dm_bp_transition docbase method with a user-created dm_procedure object, as demonstrated by use of a backspace character in an injected string. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-2513. This code is a proof of concept exploit.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Dell Customer Connect 1.3.28.0 Privilege Escalation OXATIS 2017 Cross Site Scripting »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

OpenText Documentum Content Server SQL Injection

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL