Tongda OA register/turn SQL Injection Scanner

The Tongda OA software is a comprehensive office management solution used by various businesses to streamline administrative tasks. Primarily, it provides a unified platform that facilitates communication, documentation, and workflow management. The software is widely employed in corporate environments where effective document and schedule management are critical. Its extensive features make it appealing to organizations looking to enhance productivity. Tongda OA is also preferred by businesses that operate internationally due to its multi-language support. The software's integration capabilities with other office systems enrich its functionality.

The SQL Injection vulnerability detected in Tongda OA v2013 affects the register/turn endpoint, potentially allowing attackers to manipulate SQL queries. This type of attack exploits improper handling of user-generated input, enabling unauthorized access or data extraction. SQL Injection is a critical vulnerability because it can lead to a complete compromise of the affected database. Attackers can leverage this flaw to execute arbitrary SQL commands against the underlying database management system. Consequently, any sensitive information stored within the database can be exposed. It's an urgent issue that must be addressed to protect sensitive data and maintain system integrity.

The vulnerable endpoint in Tongda OA involves the `/general/document/index.php/recv/register/turn` path. Attackers can inject malicious SQL code through the `rid` parameter, which is improperly sanitized. The attack is confirmed successful when the response contains specific error messages indicating faulty SQL syntax, such as "You have an error in your SQL syntax." The attack payload exploits the underlying SQL query construction, allowing attackers to manipulate or extract data. This specific variation of SQL injection targets dynamic query execution vulnerabilities within the application.

If exploited, the SQL Injection vulnerability can lead to unauthorized data access, data breaches, and potentially full control over the database server. This might result in the theft of sensitive user information, including credentials or financial records, from compromised systems. In extreme cases, attackers could insert backdoors or manipulate data to disrupt business processes. The potential for significant privacy violations and business disruptions makes this vulnerability a critical risk.