HackDig : Dig high-quality web security articles for hacker

OpenText Documentum Administrator and Webtop - Open Redirection

2017-09-26 11:15
Title: OpenText Documentum Administrator and Webtop - Open Redirection
Author: Jakub Palaczynski
Date: 24. September 2017
CVE (Administrator): CVE-2017-14524
CVE (Webtop): CVE-2017-14525

Affected software:
Documentum Administrator
Documentum Webtop

Exploit was tested on:
Documentum Administrator version 7.2.0180.0055
Documentum Webtop version 6.8.0160.0073
Other versions may also be vulnerable.

Open Redirection - 2 instances:

Please note that examples below are for Documentum Administrator, but
the same exploitation takes place in Webtop.

1. First instance:
It is possible to frame custom/malicious website on a trusted domain.
This way an attacker may for example steal credentials via creating
fake login form or redirect users to a malicious website.

Proof of Concept:

2. Second instance:
It is possible to redirect user to custom website. Besides redirection
it also allows for stealing sensitive data - before redirection takes
place application appends username and base64 encoded user's encrypted
password ("ticket" parameter).

Proof of Concept:
Please note that PoC below works only in Internet Explorer browser as
only this browser treats /%09/ as //, which makes redirection work.



Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/

Source: 75/peS/7102/erusolcsidlluf/gro.stsilces

Read:2797 | Comments:0 | Tags:No Tag

“OpenText Documentum Administrator and Webtop - Open Redirection”0 Comments

Submit A Comment



Blog :

Verification Code:


Share high-quality web security related articles with you:)


Tag Cloud