Shulou(Shulou.com)05/31 Report--

Today, I will talk to you about the security loopholes and solutions that the defenders have to check in the OA system. Many people may not know much about them. In order to make you understand better, the editor has summarized the following contents for you. I hope you can get something from this article.

1. OA system pan-micro (Weaver-Ecology-OA)

Pan-micro OA E-cology (CNVD-2019-32204) remote command execution vulnerability

A vulnerability analysis

The vulnerability lies in beanshell, a component of e-cology, because the interface beanshell can be accessed without authorization, and the interface is not filtered when accepting user requests, resulting in remote command execution. Beanshell, in short, is a miniature java interpreter that can be embedded in other programs for dynamic execution of java code, similar to the dynamic compilation feature in csharp.

B affect the version

E-cology 7.0

E-cology 8.0

E-cology 8.1

E-cology 9.0

C repair recommendations

Officially download the patch

D source

Https://github.com/r0eXpeR/redteam_vul

Pan-micro OA WorkflowCenterTreeData interface injection

A vulnerability analysis

The vulnerability is caused by the lack of security checking measures for SQL statements related to Oracle database in the WorkflowCenterTreeData interface of OA system. Any attacker can take advantage of the splicing of SQL statements to inject malicious payload, resulting in SQL injection attacks. When the WorkflowCenterTreeData interface of generic micro-ecological OA system uses Oracle database, the built-in sql statement is not decomposed strictly, which leads to the vulnerability of sql injection.

B affect the version

All pan-micro websites that use Oracle databases may be affected.

C repair recommendations

At present, no official patch has been released, and all pan-micro websites that use the Oracle database may be affected. Please go offline before the official release of the patch.

D source

Https://github.com/r0eXpeR/redteam_vul

Pan-micro OA database configuration information disclosure

A vulnerability analysis

There is unauthorized access to the pan-micro e-cology OA system / mobile/DBconfigReader.jsp, and the database configuration information can be obtained directly through decryption.

B repair recommendation

Disable access to / mobile/DBconfigReader.jsp

C source

Https://github.com/r0eXpeR/redteam_vul

Pan-micro OA Cloud Bridge does not authorize arbitrary file reading.

A vulnerability analysis

Pan Micro Cloud Bridge (e-Bridge) is a system integration middleware developed by Shanghai Pan Micro Company under the background of "Internet +" to bridge Internet open resources and enterprise information systems. There is an arbitrary file reading vulnerability in Pan-Weiyun Bridge, which can be successfully exploited by attackers to achieve arbitrary file reading and obtain sensitive information.

B affect the version

More than 2018-2019 versions

C repair recommendations

Turn off program routing / file/fileNoLogin

D source

Https://www.cnblogs.com/yuzly/p/13677238.html

Pan-micro OA foreground SQL injection vulnerability

A vulnerability analysis

The flaw is due to the fact that the WorkflowCenterTreeData interface of the OA system is not securely filtered when receiving user input, and malicious SQL statements are passed into the oracle database, resulting in SQL vulnerabilities.

B scope of influence

Pan-micro e-cology OA system using oracle database

C repair recommendations

The official website has been updated. Please update it as soon as possible.

D source

Https://www.cnblogs.com/ffx1/p/12653555.html

Pan-micro OA system / ServiceAction/com.eweaver.base.security.servlet.LoginAction parameter keywordid SQL injection vulnerability

A vulnerability analysis

Pan-micro OA system in

The parameter keywordid is not filtered strictly at / ServiceAction/com.eweaver.base.security.servlet.LoginAction, resulting in a SQL injection vulnerability. Remote attackers can exploit this vulnerability to read sensitive information.

B scope of influence

Pan-microelectronic OA system using oracle database

C repair recommendations

The official website has been updated. Please update it as soon as possible.

D source

Https://www.seebug.org/vuldb/ssvid-91089

To far (Seeyon)

Remote OA A8 htmlofficeservlet getshell vulnerability

A vulnerability analysis

Zhiyuan OA also has more users in China, and the attack and defense drill in 2019 exposed htmlofficeservlet getshell loopholes.

B scope of influence

Zhiyuan A8-V5 Collaborative Management Software V6.1sp1

Zhiyuan A8 + Cooperative Management Software V7.0, V7.0sp1, V7.0sp2, V7.0sp3

Zhiyuan A8+ Collaborative Management Software V7.1

C repair recommendations

1. Update patches in time

two。 Use waf to intercept

D source

Https://www.cnblogs.com/nul1/p/12803555.html

Zhiyuan OA A8 unauthorized access

A vulnerability analysis

Zhiyuan A8-V5 collaborative management software has unauthorized access, which can use ordinary user rights to access system permissions pages to obtain a large number of cache information, such as user information. Using the previously submitted vulnerability "Zhiyuan A8-V5 collaborative management software log information disclosure (kill V5)" to obtain a weak password user to test the http://a8v51.seeyon.com, it is found that Zhiyuan A8-V5 collaborative management software still has unauthorized access, and can use ordinary user rights to access the system permission page to obtain a large amount of cache information.

B scope of influence

Remote OA A8

C repair recommendations

Officially download the latest version

D source

Https://www.cnblogs.com/AtesetEnginner/p/12106741.html

There is a vulnerability of arbitrary user password modification in Zhiyuan A8-V5.

A vulnerability analysis

There are two vulnerabilities in Zhiyuan A8-V5:

One is to ignore the verification code and hit the library, and there is a logic error in the design of Zhiyuan A8-V5. When the user modifies the password, the original password is verified, but there is an unauthorized access vulnerability in the service used for verification. The system responds to the original password verification function of the illegal request, which leads to ignoring the verification code and does not need to attempt the password on the login page.

Second, the password of any user is modified, and there is a logic error in the design of Zhiyuan A8-V5. After verifying the original password in the previous step, the original password is no longer detected in the next step, which directly modifies the user password, resulting in the ultra vires loophole of parallel permissions.

B scope of influence

Remote OA A8-V5

C repair recommendations

The vulnerability location is: / seeyon/htmlofficeservlet, which can be configured with ACL rules.

Or contact the official to obtain the patch, the official website address:

Http://www.seeyon.com/Info/constant.html

D source

Http://wy.zone.ci/bug_detail.php?wybug_id=wooyun-2015-0104942

Access to OA (TongDa OA)

Access to OA any file deletion & file upload RCE

A vulnerability analysis

The authentication file contained in the upload point is deleted through an arbitrary file vulnerability, resulting in unauthorized access to achieve arbitrary file upload.

B scope of influence

Access to OA V11.6

C repair recommendations

upgrade edition

D source

Https://xz.aliyun.com/t/8430

Access to OA any file upload / file contains GetShell

A vulnerability analysis

By bypassing authentication, an attacker can upload an arbitrary file, which can be executed remotely with malicious code if the file is included.

B scope of influence

V11

2017

2106

2105

2013

C repair recommendations

Update officially released patches

D source

Https://xz.aliyun.com/t/7437

Access to OA arbitrary user login vulnerability

A vulnerability analysis

An unauthorized attacker can further attack to take over the privileges of the server by constructing a malicious request for arbitrary user login. An attacker can take over server privileges by exploiting this vulnerability.

B affect the version

Tongda OA2017, V11.X

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.