Kingdee EAS Local File Inclusion Scanner
Detects 'Local File Inclusion (LFI)' vulnerability in Kingdee EAS.
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 24 days 7 hours
Scan only one: URL
Toolbox: -
Kingdee EAS is enterprise application software used primarily by businesses for operational, financial, and administrative management. Developed by Kingdee International Software Group, it takes a modular approach that allows integration with several business management processes. The software is deployed in medium to large organizations seeking to streamline their operations through a unified digital platform. Kingdee EAS serves as a comprehensive suite covering accounting, HR, supply chain, and more. In addition, its flexibility and adaptability make it a popular choice in various industries. Compared to other ERP solutions, Kingdee EAS provides a tailored fit for Chinese enterprises with aspirations for international deployment.
The vulnerability in question is Local File Inclusion (LFI), which allows attackers to include files that are located elsewhere on the server during execution. This type of vulnerability is often exploited when input to a web application is not properly sanitized, allowing potentially malicious files or content to be accessed through the server. In particular, an LFI vulnerability can be used to display the content of arbitrary files, including sensitive configuration files, passwords, and other vital data. As such, it poses a significant security risk because it not only offers access to potentially confidential data but also serves as a vector for remote code execution if further exploited. Early detection and mitigation are crucial to prevent data breaches or malicious system takeovers.
Technically, the Kingdee EAS OA server_file endpoint allows local file inclusion. URL parameters such as folder and suffix are not properly sanitized, which permits an attacker to traverse directories and potentially access sensitive files. Hard-coded paths like C:// (for Windows environments) or / (for Linux environments) can be manipulated to disclose unintended files. By exploiting this endpoint, an attacker can gain unauthorized access to critical server information. The vulnerability lies primarily in how the software handles file paths in requests to the server_file interface.
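A defender-side check for the behaviour described above, as an added example that is not part of the original page or the scanner's own logic: it flags access-log requests to a server_file path whose folder parameter names a filesystem root, an absolute path or a traversal sequence. The combined log format, the /placeholder/ URL prefix and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request portion of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Bare drive root such as C:, C:/, C:// or C:\ (the page names C:// for Windows).
DRIVE_ROOT_RE = re.compile(r'^[A-Za-z]:[\\/]*$')

# Constructed sample log lines; "/placeholder/" stands in for the real URL prefix,
# which the page does not give. Client addresses are from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /placeholder/server_file/files?folder=reports&suffix=pdf HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /placeholder/server_file/files?folder=C://&suffix= HTTP/1.1" 200 2048',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /placeholder/server_file/files?folder=%2F&suffix= HTTP/1.1" 200 1024',
    '203.0.113.4 - - [01/Jan/2024:10:00:09 +0000] "GET /placeholder/server_file/files?folder=docs%2F..%2F..%2Fconf&suffix=xml HTTP/1.1" 403 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /index.html?folder=/ HTTP/1.1" 200 100',
]

def classify_folder(folder):
    """Return why a decoded folder value is suspicious, or None if it looks relative and contained."""
    normalized = folder.replace("\\", "/")
    if DRIVE_ROOT_RE.match(folder):
        return "windows drive root"
    if normalized and not normalized.strip("/"):
        return "filesystem root"
    if ".." in normalized.split("/"):
        return "directory traversal"
    if normalized.startswith("/") or re.match(r"^[A-Za-z]:/", normalized):
        return "absolute path"
    return None

def scan(lines):
    """Return (client_ip, status, reason, folder) for each suspicious server_file request."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        if "server_file" not in url.path:
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        for folder in params.get("folder", []):
            # parse_qs decodes once; unquote again to catch double-encoded values.
            reason = classify_folder(unquote(folder))
            if reason:
                findings.append((m["ip"], m["status"], reason, folder))
    return findings
```

A 200 status on a flagged request is the case to triage first, since it suggests the server answered rather than rejected the path.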
Exploiting the Local File Inclusion vulnerability can have several adverse impacts. Firstly, it can lead to unintended exposure of internal files and data leading to confidentiality breaches. Secondly, it might allow the attacker to execute remote commands if they manage to load executable scripts. Additionally, an LFI could potentially be combined with other types of vulnerabilities for more extensive system compromise. Consequently, its exploitation can result in significant disruptions to business operations, loss of sensitive data, and financial implications due to service downtime and potential third-party damages.