Tongda OA Information Disclosure Scanner
Detects an 'Information Disclosure' vulnerability in Tongda OA affecting v2014.
Short Info
Level: Medium
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 3 weeks 13 hours
Scan only one: URL
Toolbox: -
The Tongda OA software is mainly used by businesses and organizations in China for office automation. It provides a comprehensive solution for managing documents, communication, and scheduling within an organization. Designed to streamline internal processes, it is used widely among Chinese enterprises and government agencies. It aims to facilitate workflow management, improving efficiency and productivity among teams. It integrates various functionalities within a user-friendly interface, making it accessible to users with various levels of technical expertise. Generally, Tongda OA is incorporated to optimize administrative operations, allowing more effective resource management and communication flow.
This vulnerability concerns the unintended exposure of sensitive information within Tongda OA. It occurs when a feature or component fails to adequately protect private data from unauthorized access. Information disclosure vulnerabilities of this kind typically result from insufficient access control on endpoints that hold sensitive data. Attackers who exploit them can obtain confidential information intended only for internal use and can then use it for malicious purposes such as identity theft or unauthorized data manipulation. Addressing these vulnerabilities is essential for maintaining the confidentiality and integrity of sensitive information.
The vulnerability is located in the 'get_contactlist.php' file, which is reachable through a single HTTP GET request. The relevant endpoint is accessed by appending 'mobile/inc/get_contactlist.php?P=1&KWORD=%25&isuser_info=3' to the base URL of the server running the software. An attacker who requests this endpoint can retrieve data containing user identifiers and names, which are sensitive pieces of information. The vulnerability is most likely caused by the absence of an authentication check or any other access control before the user data is returned. The scanner's matchers look for specific JSON keys in the response, namely 'user_uid', 'user_name', and 'priv_name', so that a vulnerable instance is reported only when the endpoint actually returns contact data.
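The following is an added, defender-side example and not part of the scanner or of Tongda OA: it flags requests to the endpoint described above in constructed access-log lines, and it reproduces the scanner's matcher logic on a captured response body so an operator can confirm whether their own instance still returns contact data. The log lines, the response bodies and the helper names are assumptions made for the example.

```python
"""Log triage and response matching for the Tongda OA get_contactlist.php disclosure."""
import json
import re
from urllib.parse import parse_qs, urlparse

# Endpoint path and matcher keys are taken from the scanner description on this page.
DISCLOSURE_PATH = "/mobile/inc/get_contactlist.php"
MATCHER_KEYS = ("user_uid", "user_name", "priv_name")

# Constructed access-log lines in Combined Log Format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2024:12:00:01 +0000] "GET /mobile/inc/get_contactlist.php?P=1&KWORD=%25&isuser_info=3 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2024:12:00:02 +0000] "GET /index.php HTTP/1.1" 200 813 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:12:00:03 +0000] "GET /mobile/inc/get_contactlist.php?P=1&KWORD=a HTTP/1.1" 401 0 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def find_contactlist_requests(log_text):
    """Return (client_ip, status, query_params) for every request to the disclosure endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlparse(m.group("target"))
        if url.path.endswith(DISCLOSURE_PATH):
            params = {k: v[0] for k, v in parse_qs(url.query).items()}  # %25 decodes to "%"
            hits.append((m.group("ip"), int(m.group("status")), params))
    return hits


def likely_disclosure_attempts(hits):
    """A 200 with the wildcard keyword and isuser_info set is the pattern the scanner sends.
    A 401/403 on the same path means the endpoint refused the unauthenticated caller."""
    return [h for h in hits if h[1] == 200 and h[2].get("KWORD") == "%" and "isuser_info" in h[2]]


def _collect_keys(node, keys):
    """Recursively gather every object key in a decoded JSON document."""
    if isinstance(node, dict):
        keys.update(node)
        for v in node.values():
            _collect_keys(v, keys)
    elif isinstance(node, list):
        for v in node:
            _collect_keys(v, keys)


def response_discloses_contacts(body):
    """Mirror of the scanner's matcher: True only when the JSON body carries all three keys."""
    try:
        data = json.loads(body)
    except ValueError:
        return False  # HTML login page, empty body, etc.
    keys = set()
    _collect_keys(data, keys)
    return all(k in keys for k in MATCHER_KEYS)
```

Run `find_contactlist_requests` over your own web server logs to see who has probed the path, and `response_discloses_contacts` on a response captured from your instance after patching or adding authentication to confirm the fix.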
If exploited, this vulnerability could lead to severe consequences, including unauthorized disclosure of user information that could be employed in larger-scale attacks. Malicious actors could leverage the disclosed details to carry out social engineering attacks or unauthorized data manipulation within the organization. Compromised user information might also be used to gain unauthorized access to the system, posing a major security risk for businesses and their stakeholders. Mitigation is crucial to safeguard users' personal and professional data and to ensure that it does not fall into the wrong hands. Awareness and timely countermeasures are essential in limiting the threats stemming from this vulnerability.