Home page logo

bugtraq logo Bugtraq mailing list archives

Multiple vulnerabilities in MyDMS
From: Jose Antonio <joxeankoret () yahoo es>
Date: 20 Aug 2004 22:50:36 -0000

                Multiple vulnerabilities in  MyDMS  
Author: Joxean Koret 
Date: 2004  
Location: Basque Country 
Affected software description: 
MyDMS is an open-source 
document-management-system based on PHP 
and MySQL  
published under the GPL. 
Web : http://dms.markuswestphal.de/about.html 
A. SQL Injection Vulnerability 
A1. An SQL Injection vulnerability found in the 
file /demo/out/out.ViewFolder.php.  
The parameter "FolderId" is not correctly 
sanitized and an attacker can inject 
any SQL valid command. You can try the error : 
or 1=1as 
NOTE : I put or 1=1as, well, this doesn't work, 
but you can see the entire  
SQL query that the server executes. 
B. Unspecified File Download Vulnerability 
B1. An error in the MyDMS software allows to a 
registered users (and only to 
registered users) to download any file, such 
as /etc/passwd, by inserting in a  
parameter a text such as ../../../../../etc/passwd. 
Affected Versions :  
The SQL Injection problem is in versions prior to 
The file download problem is in all versions. 
The fix: 
The SQL Injection problem is corrected in the 
version 1.4.2. 
The file download problem is not corrected but 
vendor is contacted.  
        Joxean Koret at 

  By Date           By Thread  

Current thread:
  • Multiple vulnerabilities in MyDMS Jose Antonio (Aug 22)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]