Tongda OA ReportShop Data Retrieval SQL Injection
Identifies an SQL injection flaw in Tongda OA ReportShop’s get_datas.php endpoint, enabling attackers to extract or manipulate data via error-based payloads.
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 5 days 7 hours
Scan only one: Domain, Subdomain, IPv4
The Tongda OA software is widely used by organizations for office automation purposes. It simplifies administrative tasks like document management, workflow automation, and communication within teams. Companies across various sectors employ Tongda OA to improve operational efficiency and streamline internal processes. Its capabilities support both large and small-scale businesses, integrating various office functions into a cohesive platform. However, as with many software systems, it requires continuous monitoring for vulnerabilities to maintain security. This scanner targets specific vulnerabilities that may exist within different versions of Tongda OA to ensure optimal protection.
SQL Injection (SQLi) is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. It generally occurs when an application takes untrusted data and sends it to an interpreter as part of a query or command. The primary consequence of exploiting an SQLi flaw is unauthorized access to the application's database, which can lead to unauthorized data retrieval. Tongda OA is susceptible to SQLi, specifically at the path `/general/reportshop/utils/get_datas.php`. Proper validation of user input and queries is crucial to mitigating this risk.
In this error-based SQL Injection, the vulnerability occurs at the endpoint `/general/reportshop/utils/get_datas.php` when unsanitized inputs in the query parameters `USER_ID`, `PASSWORD`, `col`, and `tab` are inserted directly into SQL statements. The attack is executed by manipulating the SQL query through UNION-based SQL Injection. By manipulating these parameters, attackers can retrieve sensitive database information or alter the database. Any exposure can therefore have severe implications for data confidentiality and integrity, making it critical to secure these input vectors.
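One way to look for probing of this endpoint in web server access logs, as an added example that is not part of the original page or the scanner's own logic: it flags requests to `/general/reportshop/utils/get_datas.php` whose `USER_ID`, `PASSWORD`, `col` or `tab` values contain SQL metacharacters or keywords. The combined log format, the pattern list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

ENDPOINT = "/general/reportshop/utils/get_datas.php"  # path named on the page
PARAMS = {"USER_ID", "PASSWORD", "col", "tab"}         # parameters named on the page

# Assumed heuristic, not a vendor signature: SQL metacharacters and keywords
# that have no place in a user id, column name or table name.
SUSPICIOUS = re.compile(
    r"['\"`;()]|--|/\*|\b(?:union|select|updatexml|extractvalue|information_schema|sleep)\b",
    re.IGNORECASE,
)
# Request part of an Apache/nginx "combined" log line (assumed log format).
REQ = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

def flag_requests(lines):
    """Return (client_ip, parameter, http_status) for each suspicious value."""
    findings = []
    for line in lines:
        m = REQ.match(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m["target"])
        if url.path.lower() != ENDPOINT:  # path compared case-insensitively
            continue
        # parse_qsl decodes once; unquote again to catch double-encoded input.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in PARAMS and SUSPICIOUS.search(unquote(value)):
                findings.append((m["ip"], name, int(m["status"])))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /general/reportshop/utils/get_datas.php?col=name&tab=report HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /general/reportshop/utils/get_datas.php?USER_ID=admin&col=1%27&tab=report HTTP/1.1" 500 231',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /general/reportshop/utils/get_datas.php?col=name&tab=x%20UNION%20SELECT%201 HTTP/1.1" 200 640',
    '203.0.113.5 - - [01/Jan/2024:10:01:00 +0000] "GET /index.php?q=select HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, param, status in flag_requests(SAMPLE_LOG):
        print(f"{ip} sent SQL syntax in {param!r} (HTTP {status})")
```

Access logs only record the query string, so parameters sent in a POST body need the same check applied at a WAF or reverse proxy. An HTTP 500 next to a flagged value is worth prioritising, since error-based injection depends on database errors reaching the response.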
Exploiting this vulnerability would allow attackers to access, modify, or even delete the contents of a database. It can lead to unauthorized data retrieval of sensitive information such as user credentials or contact details. If an attacker obtains access to an administrative account, they could potentially gain full system access, leading to a complete breach of confidentiality, integrity, and availability. In severe cases, the exploitation could disrupt the entire office automation system, halting business operations.