CNVD-2022-42853 Scanner

Detects the SQL injection vulnerability tracked as CNVD-2022-42853 in ZenTao. This critical vulnerability allows attackers to execute unauthorized administrative operations.

Short Info

Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 23 days 5 hours
Scan only one: Domain, IPv4, Subdomain
Toolbox: -

ZenTao is a project management software widely used by organizations to manage software development projects using methodologies like Agile. Designed to support the complete lifecycle of project development, it caters to the needs of developers, testers, and managers. The software allows for planning, execution, as well as progress tracking, and features capabilities for document sharing and user collaboration. Its systematic approach to project management benefits enterprises aiming for higher efficiency and productivity. Developed by EasyCorp, ZenTao is recognized for its versatility in handling various project scales. The software is accessible to users worldwide, given its open-source structure.

The SQL injection vulnerability in ZenTao allows attackers to manipulate the SQL queries executed against the database. Because the injection bypasses the application's normal authentication checks, it can lead to unauthorized access to sensitive information. Attackers exploit the vulnerability by inserting SQL fragments into input fields or web request parameters that the application fails to validate or escape before building a query. This can result in exposure of confidential data, modification of database entries, or further malicious activity. The vulnerability is classified as critical, with severe potential impact on data integrity and confidentiality. Being unauthenticated, the attack does not require any prior access to the application.

The SQL injection vulnerability affects the login endpoint in ZenTao, specifically the parameters that carry authentication credentials. An attacker can inject a payload by manipulating the login parameters, which are not adequately validated. The raw HTTP request provided demonstrates the method of injection, using XML parsing functions to extract data indirectly through error messages. Targeting the login mechanism raises the criticality, since it grants access to administrative functionality without valid credentials. The same technique can be repeated in other parts of ZenTao that share the insufficient input sanitization. While these vulnerable code paths remain, ZenTao installations are exposed to systematic database abuse.
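The root cause described above is credential parameters being concatenated into the login query. The following is an added illustration, not ZenTao's code or schema: a constructed SQLite user table, a login function built by string formatting (the defect), and the hardened form using parameter binding. The table name `zt_user`, the column names and the stored values are all constructed for the example.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory user table (stand-in, not ZenTao's schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE zt_user (account TEXT, password TEXT, role TEXT)")
    # Constructed sample row; a real application stores a password hash, not plaintext.
    conn.execute("INSERT INTO zt_user VALUES ('admin', 'correct-horse', 'admin')")
    conn.commit()
    return conn


def login_vulnerable(conn, account, password):
    """Defective pattern: credentials are spliced into the SQL text.

    A quote in either parameter changes the structure of the query, so the
    WHERE clause no longer expresses what the developer intended.
    """
    sql = (
        "SELECT account, role FROM zt_user "
        f"WHERE account = '{account}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchone()


def login_hardened(conn, account, password):
    """Corrected pattern: parameter binding keeps user input as data only.

    The database driver sends the SQL and the values separately, so quotes,
    comment markers or function calls inside the input are never parsed as SQL.
    """
    sql = "SELECT account, role FROM zt_user WHERE account = ? AND password = ?"
    return conn.execute(sql, (account, password)).fetchone()


def compare(account, password):
    """Run both login implementations on the same input and report the outcome.

    Returns a dict with the row (or None) each implementation produced.
    """
    conn = make_db()
    try:
        return {
            "vulnerable": login_vulnerable(conn, account, password),
            "hardened": login_hardened(conn, account, password),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    # Legitimate credentials: both implementations authenticate the user.
    print(compare("admin", "correct-horse"))
    # Malformed account value with a wrong password: only the vulnerable
    # implementation returns the admin row, because the injected comment marker
    # truncates the password check; the hardened one correctly returns None.
    print(compare("admin'--", "wrong"))
```

The point of the comparison is that the hardened version needs no blocklist of dangerous strings: it rejects the malformed account value for the same reason it rejects any other wrong credential, which is why parameterized queries, rather than input filtering, are the fix for this vulnerability class.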

Exploiting this vulnerability can lead to multiple risks, including the extraction of sensitive administrative data and unauthorized modification of the software's database. Victims could face severe repercussions such as compromised proprietary information, breach of personal data, or manipulation of application functionality. The ability to execute arbitrary SQL commands extends to potentially sabotaging the database itself. Organizations that rely on the confidentiality and integrity of their project data are at risk of operational disruption. Attackers could further leverage this access to install malicious scripts or backdoors for ongoing unauthorized access.
