Tongda OA Authentication Bypass Scanner

The Tongda OA system is widely used in organizations for efficient office management. It provides a comprehensive set of tools for handling tasks, communication, and office automation processes. Typically adopted by administrative departments, this software aids in streamlining operations by integrating various office functions into a single platform. The software is crucial in improving productivity by facilitating better information flow and decision-making processes. Due to its extensive use in managing sensitive company information, maintaining its security is paramount. Regular updates and vulnerability checks are necessary to ensure secure operations and the protection of data.

The Authorization Bypass vulnerability allows attackers to gain unauthorized access to a system's backend. This type of vulnerability is particularly critical because it bypasses standard authentication protocols, granting malicious users access to potentially sensitive information. Attackers can manipulate requests to gain entry without proper credentials, leading to significant security breaches. This vulnerability can be exploited by sending crafted requests to specific endpoints of the application. The persistent threat requires vigilant monitoring and patching by administrators to mitigate potential exploits. It highlights the importance of robust authentication mechanisms and access controls in software systems.

Technically, the vulnerability is exploited by targeting the header.inc.php file in Tongda OA's system. The attackers can send a malicious request to this specific file and obtain essential cookies. These cookies, once acquired, can bypass authentication steps, allowing the intruder to access backend resources. The vulnerable parameter involves manipulating the session variables within this file to gain unauthorized access. The vulnerability is exacerbated by the file's inadequate session and cookie handling, which fails to validate user credentials effectively. This issue signifies a major flaw in session management within the software, posing a critical security threat.

When exploited, this vulnerability can lead to unauthorized data access, data manipulation, and potential information leaks. Sensitive user data, such as employee information and confidential office communications, can be exposed, leading to privacy breaches. Additionally, unauthorized access to the system could allow attackers to execute commands or extract further information from the system's database. The integrity and availability of the system may be compromised, resulting in operational disruptions. The exploitation of this vulnerability thus poses severe risks to an organization’s data security and operational integrity.

REFERENCES

• https://github.com/Phuong39/2022-HW-POC/blob/main/%E9%80%9A%E8%BE%BEOA%E7%99%BB%E5%BD%95%E8%AE%A4%E8%AF%81%E7%BB%95%E8%BF%87.md
• https://github.com/zan8in/afrog/blob/main/v2/pocs/afrog-pocs/vulnerability/tongda-oa-2017-auth-bypass.yaml