Tongda OA Arbitrary File Upload Scanner

Tongda OA is an office management software widely used in organizations to handle various administrative tasks. It is integrated for workflow management, employee communications, and document handling, making it indispensable in maintaining operational complexities. Due to its comprehensive nature, Tongda OA is primarily used in medium to large enterprises to streamline efficiency in Chinese-speaking regions. The software helps in coordinating tasks and is popular among businesses seeking an organized approach to office management. Furthermore, it offers modular capabilities, allowing organizations to customize features based on their specific needs. This makes it a popular choice for companies looking to maintain a cohesive and unified documentation system.

The arbitrary file upload vulnerability detected in Tongda OA v2017 poses significant security risks. The vulnerability arises due to insufficient file filtering in the action_upload.php file, which does not require background permissions. This security gap allows unauthorized uploading of files, potentially malicious ones, onto the server. Such vulnerabilities are critical as they may permit the execution of arbitrary scripts, leading to unauthorized data access. Potential intruders can exploit this flaw to introduce harmful files into the system, bypassing traditional upload restrictions. The scope of the vulnerability makes it crucial for administrators to patch and secure their installations promptly to prevent exploitation.

Technical details of this vulnerability include the exploitation of the upload functionality in the action_upload.php endpoint. The parameter CONFIG[fileAllowFiles][] is manipulated to permit the upload of executable PHP files, which shouldn't ordinarily be allowed. By sending a specially crafted HTTP request, attackers can exploit this weakness to upload a PHP script and execute commands on the compromised server. The vulnerability centers around the inadequate validation and filtering mechanisms in this upload module, contributing to an environment where unauthorized file execution is possible. Properly addressing this issue involves configuration changes and updates to ensure stringent upload restrictions.

When exploited, the arbitrary file upload vulnerability in Tongda OA v2017 could lead to severe security breaches. Malicious actors can remotely execute scripts, leading to a complete compromise of server security. The vulnerabilities may result in data theft, system outages, or manipulation of stored company data. Additionally, the exploitation may allow attackers to gain administrative privileges or control over functionalities, severely affecting service integrity and confidentiality. Organizations may also face legal and financial repercussions, alongside reputational damage if sensitive data is exposed publicly or misused.

REFERENCES

• https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E9%80%9A%E8%BE%BEOA/%E9%80%9A%E8%BE%BEOA%20v2017%20action_upload.php%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E.md
• https://github.com/shadow1ng/fscan/blob/main/WebScan/pocs/tongda-v2017-uploadfile.yml