Weaver OA Common Controller Arbitrary File Upload Scanner

Weaver OA is a widely used office automation software in businesses and organizations, providing a collaborative platform for managing documents, tasks, and workflows. It is primarily used by corporate enterprises, governmental bodies, and other large organizations to streamline operations and increase productivity. The software allows users to share documents, collaborate on projects, and manage organizational resources effectively. As a critical tool for streamlining business processes, ensuring the security of Weaver OA is of significant importance. The software integrates with various other services and systems and serves as a central hub for document and process management in many enterprises.

The Arbitrary File Upload vulnerability in Weaver OA allows unauthorized users to upload files of different types without proper restrictions. This particular vulnerability can enable attackers to upload malicious scripts or executable files to the server. If the server executes these files, it could result in unauthorized access or complete takeover of the server. The lack of proper file type validation or enforcement of security policies on the upload functionality is the root cause of this vulnerability. Such vulnerabilities can be exploited for harmful activities such as defacement, data theft, or deploying further malicious exploits.

Technically, the vulnerability occurs due to inadequate validation mechanisms in the file upload feature of Weaver OA. The vulnerable endpoint is /weaver/weaver.common.Ctrl/, which is not sufficiently protected against uploads with dangerous file types. Attackers can manipulate the Content-Type headers and bypass existing file restrictions to upload scripts disguised as benign files. The malicious payload, typically a webshell, can then be accessed through indirect requests to the uploaded file path, enabling the attacker to execute code on the server.

When exploited, the Arbitrary File Upload vulnerability can lead to severe consequences for the affected system. Attackers may gain full access to the server, allowing them to manipulate or steal sensitive organizational data. Further implications involve the potential to alter or delete vital enterprise data, install backdoors for persistent access, and pivot to other parts of the network. This can lead to loss of data integrity, confidentiality breaches, and disruptions to business operations, causing financial and reputational damage.