Office Anywhere TongDa - Path Traversal

By kannthu

Critical
Vidoc Module
#tongda #lfi
Description

What is the "Office Anywhere TongDa - Path Traversal" module?

The "Office Anywhere TongDa - Path Traversal" module is designed to detect path traversal vulnerabilities in the Office Anywhere (OA) software. This vulnerability can be exploited to execute remote code. The severity of this vulnerability is classified as critical.

This module was authored by pikpikcu.

Impact

A successful exploitation of the path traversal vulnerability in Office Anywhere can lead to remote code execution. This means that an attacker can execute arbitrary code on the affected system, potentially gaining unauthorized access and control over it.

How does the module work?

The module sends an HTTP POST request to the "/ispirit/interface/gateway.php" endpoint with a specific payload. The payload includes a JSON object with a "url" parameter set to "/general/../../mysql5/my.ini". This payload is designed to traverse the file system and access the "my.ini" file, which typically contains sensitive configuration information, such as database credentials.

The module then applies several matching conditions to determine if the path traversal vulnerability exists:

- The response body must contain the strings "[mysql]" and "password=".
- The response headers must include the string "text/html".
- The HTTP response status code must be 200.

If all of these conditions are met, the module reports the vulnerability.
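The request shape and the three matching conditions described above can be turned into defender-side checks for a proxy, WAF hook, or log pipeline. The following is an added example, not Vidoc's module code: the function names, the `/general` base directory, the percent-decoding step, and the sample data are assumptions made for illustration.

```python
import json
import posixpath
from urllib.parse import unquote

GATEWAY_PATH = "/ispirit/interface/gateway.php"  # endpoint named on the page
REQUIRED_WORDS = ("[mysql]", "password=")        # body words named on the page

def url_escapes_base(url_value, base="/general"):
    """True if the 'url' value resolves outside `base` (assumed base directory)."""
    # Decode once and unify separators so %2e%2e and backslash variants are caught too.
    candidate = unquote(url_value).replace("\\", "/")
    normalized = posixpath.normpath(candidate)
    return not (normalized == base or normalized.startswith(base + "/"))

def request_is_suspicious(method, path, json_text):
    """Flag POSTs to the gateway whose JSON 'url' field leaves the base directory."""
    if method.upper() != "POST" or path.split("?", 1)[0] != GATEWAY_PATH:
        return False
    try:
        obj = json.loads(json_text)
    except ValueError:
        return False  # unparseable payload: not this pattern
    url_value = obj.get("url") if isinstance(obj, dict) else None
    return isinstance(url_value, str) and url_escapes_base(url_value)

def response_matches(status, headers, body):
    """All three module conditions must hold: 200, text/html header, both body words."""
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items()).lower()
    return (status == 200
            and "text/html" in header_blob
            and all(word in body for word in REQUIRED_WORDS))

# Constructed sample data (not captured from a real system).
SAMPLE_REQUEST = '{"url": "/general/../../mysql5/my.ini"}'
SAMPLE_HEADERS = {"Content-Type": "text/html; charset=gbk"}
SAMPLE_BODY = "[mysql]\ndefault-character-set=gbk\npassword=EXAMPLE\n"

if __name__ == "__main__":
    print("request flagged:", request_is_suspicious("POST", GATEWAY_PATH, SAMPLE_REQUEST))
    print("response leaks config:", response_matches(200, SAMPLE_HEADERS, SAMPLE_BODY))
```

Requiring all three response conditions together keeps an ordinary HTML error or login page from being reported as a configuration leak.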

Classification:

CWE-ID: CWE-77

CVSS-Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS-Score: 10

Reference:

- https://github.com/jas

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: [mysql], password=
and
word: text/html
and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability