Tongda OA SQL Injection Scanner

Detects 'SQL Injection' vulnerability in Tongda OA.

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 23 days 2 hours
Scan only one: Domain, IPv4, Subdomain
Toolbox: -

Tongda OA is an office automation software widely used by organizations to enhance productivity through facilitating communication, managing documents, and streamlining processes. It is designed to handle various administrative tasks such as meetings, file management, and workflow automation. The software is commonly utilized by enterprises to improve operational efficiency and to maintain control over company-wide activities. Tongda OA aims to digitize paper-based administrative tasks, providing a centralized platform for employees to collaborate effectively. It is popular in environments where there's a need for a robust system that manages routines through technology. Users benefit from its integrated modules that cater to different aspects of organizational management.

SQL Injection is a serious security issue in which an attacker inserts or manipulates SQL queries through a vulnerable input field, causing the database to execute statements the application did not intend. This type of vulnerability allows unauthorized access to view, modify, or delete data stored in the database. SQL Injection can be exploited to compromise application security, leading to theft of sensitive information. The vulnerability is often caused by improper validation and sanitization of user inputs. Attackers exploit these weaknesses to execute arbitrary SQL code, potentially gaining access to system backends. Addressing this vulnerability is crucial to protect the integrity and confidentiality of a database.

In Tongda OA v5, the vulnerability is located in the 'swfupload_new.php' file, where input parameters are not adequately sanitized, allowing SQL injection attacks. This endpoint is susceptible because it interacts directly with the database without proper filtering of special characters and SQL syntax. Parameters such as 'ATTACHMENT_ID', 'ATTACHMENT_NAME', 'FILE_SORT', and 'SORT_ID' are passed via POST requests without sufficient validation. A malicious user can exploit this by injecting SQL commands to extract confidential information from the database. The lack of robust security controls around database interactions makes the attack possible.
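As an added example (not code from the scanner or from Tongda OA), an asset owner could place an allow-list check like the following in a reverse proxy or use it for log review, so that POST requests to 'swfupload_new.php' are rejected when any of the four parameters named above carries an unexpected value. The value formats, the form-urlencoded body, and the `/placeholder/` path are assumptions.

```python
import re
from urllib.parse import parse_qs

ENDPOINT = "swfupload_new.php"  # file name from the page

# Assumed value formats (not Tongda OA's documented ones); tune on real traffic.
ALLOWED = {
    "ATTACHMENT_ID": re.compile(r"[0-9@_,]{1,64}"),
    "ATTACHMENT_NAME": re.compile(r"[\w .()\-]{1,255}"),
    "FILE_SORT": re.compile(r"[0-9]{1,10}"),
    "SORT_ID": re.compile(r"[0-9]{1,10}"),
}

def rejected_params(method, path, body):
    """Return sorted names of the watched parameters whose values fail the allow-list."""
    target = path.split("?", 1)[0].lower()
    if method.upper() != "POST" or not target.endswith("/" + ENDPOINT):
        return []
    # Assumption: a form-urlencoded body; a multipart body needs its own parser.
    fields = parse_qs(body, keep_blank_values=True)
    bad = set()
    for name, pattern in ALLOWED.items():
        # Check every occurrence so a repeated parameter cannot hide a bad value.
        if any(pattern.fullmatch(v) is None for v in fields.get(name, [])):
            bad.add(name)
    return sorted(bad)

# Constructed sample requests; "/placeholder/" stands in for the real directory.
SAMPLES = [
    ("POST", "/placeholder/swfupload_new.php",
     "ATTACHMENT_ID=12&ATTACHMENT_NAME=report.pdf&FILE_SORT=2&SORT_ID=0"),
    ("POST", "/placeholder/swfupload_new.php",
     "ATTACHMENT_ID=12&ATTACHMENT_NAME=report.pdf&FILE_SORT=2&SORT_ID=0%27"),
    ("POST", "/placeholder/swfupload_new.php", "SORT_ID=3&SORT_ID=3%20--"),
    ("GET", "/placeholder/index.php", "SORT_ID=0%27"),
]

if __name__ == "__main__":
    for method, path, body in SAMPLES:
        print(method, path, rejected_params(method, path, body) or "ok")
```

A filter of this kind reduces exposure while the application itself is being fixed; it does not replace parameterized queries in the endpoint.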

If exploited, this vulnerability can have severe impacts including unauthorized data access, data loss, and potentially full database compromise. Sensitive information such as credentials, personal data, and business records can be extracted or manipulated. The organization may suffer reputational damage and financial losses, and it could also lead to legal repercussions if customer data is involved. Additionally, SQL Injection can pave the way for other attacks, like privilege escalation, when attackers gain deeper access into the system. Addressing this vulnerability promptly is essential to safeguard against data breaches and maintain trust with users.
