OpenText Documentum Webtop 5.3 SP2 Open Redirect

Posted Feb 7, 2019
Authored by Rafael Pedrero

OpenText Documentum Webtop version 5.3.SP2 suffers from an open redirection vulnerability.

tags | exploit, xss
advisories | CVE-2019-7416
MD5 | 102dd183fab1da8ddddaaccbe760332a

<!--
# Exploit Title: Client Side URL Redirect (OTG-CLIENT-004) in OpenText
Documentum Webtop 5.3 SP2
# Date: 17-01-2019
# Exploit Author: Rafael Pedrero
# Vendor Homepage:
https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum
# Software Link:
https://www.opentext.com/products-and-solutions/products/opentext-product-offerings-catalog/rebranded-products/documentum
# Version: OpenText Documentum Webtop 5.3 SP2
# Tested on: all
# CVE : CVE-2019-7416
# Category: webapps

1. Description

Client Side URL Redirect (OTG-CLIENT-004) and/or Cross Site Scripting (XSS)
exists in OpenText Documentum Webtop 5.3 SP2. The parameter startat in
"/webtop/help/en/default.htm" is vulnerable.


2. Proof of Concept

http://X.X.X.X/webtop/help/en/default.htm?startat=http://site

Vulnerable parameter: startat


3. Solution:

Update to the latest version of this product.
Patch:
https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#XSS_Prevention_Rules

Note: Vulnerability found in 2006.

-->
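
An added example, not part of the original advisory and not OpenText code: one way a page could validate a redirect-style parameter such as startat before navigating, so that only same-origin help topics are accepted. The function name, the "/webtop/help/" allow-list prefix, the fallback page and the host docs.example.test are assumptions made for illustration.

```javascript
// Allow-list validation for a client-side redirect parameter (e.g. "startat").
// Assumption: legitimate targets are help topics under /webtop/help/ on the
// same origin as the page that reads the parameter.
const HELP_PREFIX = "/webtop/help/";                // assumed allow-list prefix
const FALLBACK = "/webtop/help/en/default.htm";     // assumed safe default

function resolveStartAt(raw, pageUrl) {
  const page = new URL(pageUrl);
  if (typeof raw !== "string" || raw === "") return FALLBACK;

  // Browsers strip tabs/newlines from URLs and treat "\" like "/", so reject
  // these characters outright instead of trying to normalise them.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;

  let target;
  try {
    // Resolve exactly as the browser would, relative to the current page.
    target = new URL(raw, page);
  } catch {
    return FALLBACK;
  }

  // Same-origin check rejects absolute URLs, protocol-relative "//host"
  // values, userinfo tricks and javascript:/data: schemes (origin "null").
  if (target.origin !== page.origin) return FALLBACK;

  // The parser has already collapsed "../" segments, so this prefix check
  // cannot be bypassed by path traversal.
  if (!target.pathname.startsWith(HELP_PREFIX)) return FALLBACK;

  // Return a path-only value so the caller never navigates cross-origin.
  return target.pathname + target.search + target.hash;
}

// Constructed sample inputs (not taken from real traffic).
const PAGE = "http://docs.example.test/webtop/help/en/default.htm";
const samples = ["topics/intro.htm", "http://site", "//site/x",
                 "javascript:alert(1)", "../../../x", "/\\site"];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", resolveStartAt(s, PAGE));
}
```
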

