Tongda OA report_bi.func.php SQL Injection Scanner

The Tongda OA software is widely used in various organizations for efficient office management and automation of administrative tasks. The software integrates various functionalities from document management to workflow automation, helping employees manage their daily tasks effectively. It is typically deployed in office environments where coordination and communication between departments is essential. Its comprehensive suite caters to both small-scale and large-scale entities, providing an all-in-one solution for office administration. Tongda OA is favored for its ease of use and customizable features, making it adaptable to different types of business processes.

SQL Injection is a code injection technique that might destroy your database. It is one of the most common web hacking techniques. It exploits a web application which uses input from a user as part of a SQL query to an underlying database. It typically allows an attacker to view data that they are not normally able to retrieve, including data belonging to other users, or any other data that the application itself is able to access. SQL Injection flaws can allow for the complete compromise of the host running the application, bypass authentication and access control, exfiltrate data, or corrupt the application’s data.

The vulnerability in question specifically arises from improper validation of user inputs within the script 'report_bi.func.php' in Tongda OA v6. Attackers can manipulate input fields to execute arbitrary SQL commands through entries such as the 'dataset_id' parameter. By exploiting this issue, attackers can extract sensitive information from the database, such as user credentials. The endpoint facilitates union-based injections, which may allow attackers to retrieve current database and user details from the application. The lack of proper parameterization of queries makes this endpoint an active target for SQL Injection attacks.

Exploiting this SQL Injection vulnerability could allow an attacker unauthorized access to sensitive data stored in Tongda OA. Attackers might gain access to confidential information, alter existing data, perform administrative operations, or even impersonate users. Such breaches could lead not only to serious data privacy violations but also financial and reputational damages if sensitive company data is exposed or manipulated. Continuous database exploitation without mitigation could result in a fully compromised backend and loss of data integrity.

REFERENCES

• https://github.com/PeiQi0/PeiQi-WIKI-Book/blob/main/docs/wiki/oa/%E9%80%9A%E8%BE%BEOA/%E9%80%9A%E8%BE%BEOA%20v6%20report_bi.func.php%20SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md