
Tongda OA Remote Code Execution (RCE) Scanner

Detects 'Remote Code Execution (RCE)' vulnerability in Tongda OA affects v. 11.9 SP7.

Short Info

Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 5 days 1 hour
Scan only one: URL
Toolbox

Tongda OA is a widely used office automation system deployed by numerous organizations around the world. Developed and maintained by TDXK, it is designed to support business processes and improve operational efficiency. Its primary users include corporate offices, educational institutions, and governmental organizations. The software provides features such as email management, document handling, and workflow automation. The particular version discussed here, 9 SP7, is vulnerable to a remote code execution issue. Keeping Tongda OA secure is crucial for maintaining data integrity and operational continuity in the organizations that rely on it.

The vulnerability in question is a Remote Code Execution (RCE) flaw in the Tongda OA system. It allows an attacker to execute unauthorized commands on the server by exploiting a vulnerable endpoint, and thereby to compromise system integrity by running arbitrary PHP code. The flaw resides in the 'dologin' endpoint, which makes it a critical security issue. RCE vulnerabilities are particularly dangerous because they can be exploited remotely, without physical access to the system. A successful attack can lead to complete control of the system, data theft, and further exploitation of network resources.

Technically, the 'dologin' endpoint does not adequately restrict the input it processes, which allows an attacker to inject PHP code. An attacker crafts GET parameters so that the server evaluates part of the input as code. In this case, the scanner confirms exploitation by looking for a specific MD5 hash in the response: if the injected expression was evaluated, the hash appears in the output. Through such crafted HTTP requests the attacker can gain unauthorized access to the system. The scanner treats an HTTP status code of 200 together with specific words in the response body as confirmation that the vulnerability is present. Reliable detection therefore depends on careful analysis of server responses to distinguish genuine code execution from ordinary output.

The potential effects of exploiting this vulnerability are severe. An attacker who manages to execute code remotely could gain full control of the server running Tongda OA. This could result in unauthorized access to sensitive organizational data, modification or deletion of critical files, and distribution of malware. The compromised server could also serve as a foothold for further attacks within the network, leading to substantial security breaches. Organizations might face operational disruptions, financial losses, and reputational damage as a result. Addressing such vulnerabilities promptly is essential to preserve the security and functionality of affected systems.
