CNVD-2021-28277 Scanner
Detects 'Local File Inclusion' vulnerability in Landray.
Short Info
Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 18 days 16 hours
Scan only one: Domain, IPv4, Subdomain
Toolbox: -
Landray Office Automation software is commonly used in businesses and organizations for streamlining their administrative and workflow processes. It provides features like document management, workflow automation, and collaboration tools, facilitating better communication and efficiency within the organization. Developed by Landray, this software aims to support enterprises in managing their internal processes effectively. It integrates various tools that help in reducing manual tasks and errors, thereby increasing productivity. Landray's solutions are designed to be scalable and customizable, fitting the specific needs of different organizations. The system typically serves medium to large enterprises across various industries.
The Local File Inclusion (LFI) vulnerability allows attackers to trick the web application into exposing or running files on the server. This can happen when an application dynamically includes files based on user input. If strict input validation is not implemented, an attacker can submit paths to restricted files, such as authentication credentials or application configuration files. LFI vulnerabilities can lead to unauthorized access to system files and critical information. In some cases, they may be exploited to execute arbitrary code or commands on the server. This type of vulnerability poses a serious threat as it can lead to a complete system compromise.
In Landray, the vulnerability stems from mishandled file paths in the 'custom.jsp' endpoint. An attacker can manipulate the 'file' parameter to include arbitrary files from the server's filesystem. Specifically, the exploitation can involve common files such as '/etc/passwd' in Unix-based systems or 'C://windows/win.ini' in Windows-based systems. The application does not adequately sanitize user input, so crafted paths reach sensitive files. Successful exploitation requires sending specially crafted requests that trigger incorrect file handling by the server. The vulnerability is detected by observing file contents or system information that should not be visible externally.
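The detection principle described above, matching response bodies against the structure of the two files named, can be reused by defenders when reviewing captured responses or outbound traffic. The following is an added example, not the scanner's own code; the function name, thresholds and sample bodies are assumptions constructed for illustration.

```python
import re

# /etc/passwd record: name:password:UID:GID:GECOS:home:shell (7 fields).
PASSWD_LINE = re.compile(
    r"^[A-Za-z_][\w.-]*:[^:\n]*:\d+:\d+:[^:\n]*:/[^:\n]*:[^:\n]*$", re.M
)
# Section headers present in a stock Windows win.ini.
WININI_SECTIONS = ("[fonts]", "[extensions]", "[mci extensions]", "[files]")


def leaked_file_kind(body: str):
    """Classify an HTTP response body: 'passwd', 'win.ini' or None."""
    records = PASSWD_LINE.findall(body)
    # Require a uid-0 root record plus at least one other record, so a
    # single colon-separated line in ordinary content does not match.
    has_root = any(
        r.startswith("root:") and r.split(":")[2] == "0" for r in records
    )
    if has_root and len(records) >= 2:
        return "passwd"
    lowered = body.lower()
    # Two or more known section headers: one alone is too common.
    if sum(section in lowered for section in WININI_SECTIONS) >= 2:
        return "win.ini"
    return None


# Constructed sample bodies (not captured from any real system).
PASSWD_BODY = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
)
WININI_BODY = (
    "; for 16-bit app support\r\n[fonts]\r\n[extensions]\r\n"
    "[mci extensions]\r\n[files]\r\n[Mail]\r\nMAPI=1\r\n"
)
BENIGN_BODY = "<html><body>Example entry: root:x:0:0:root:/root:/bin/bash</body></html>"

if __name__ == "__main__":
    for name, body in [("passwd", PASSWD_BODY), ("win.ini", WININI_BODY),
                       ("benign", BENIGN_BODY)]:
        print(name, "->", leaked_file_kind(body))
```

A match on a response from an endpoint that should never return system files is a signal to investigate; documentation pages that legitimately display such files will also match and need allow-listing.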
Exploitation of this vulnerability by malicious actors can result in severe consequences, including unauthorized disclosure of sensitive files and data. Attackers could use this information to further compromise the system or escalate privileges. Additionally, accessing configuration files may reveal details that enable further network or application attacks, impacting system integrity and availability. This vulnerability could also lead to an attacker executing arbitrary commands if certain conditions are met, posing a substantial risk to the server and associated data. The exploitation can undermine trust in the system, leading to potential operational disruptions.