Landray OA EKP Arbitrary File Download Vulnerability in v16

Vulnerability

An arbitrary file download vulnerability has been identified in Landray OA EKP version 16 and prior. The issue lies in the '/ui/sys_ui_extend/sysUiExtend.do' endpoint, whose id parameter selects the file to download; an attacker can manipulate this parameter to download arbitrary files. Exploitation can lead to the unauthorized retrieval of sensitive information, such as the password of the background administrator, and potentially to further access to database permissions.

Impact

Exploitation of this vulnerability could result in unauthorized access to sensitive administrative credentials and database permissions.

Reproduction

The vulnerability can be reproduced by sending a request to the '/ui/sys_ui_extend/sysUiExtend.do' endpoint with a crafted id parameter. The parameter can be manipulated to include '../' sequences to traverse directories and access restricted files. In a Windows environment, '..\' can be used to bypass certain filters. Once the desired files or folders are specified, they will be downloaded as a tarball.
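The traversal pattern described above, viewed from the defender's side. This is an added example and not Landray's code or part of this advisory: a log check that flags requests to the endpoint whose id parameter carries a '../' or '..\' step after percent-decoding (including double-encoded variants), and a path-resolution routine that confines a requested path to a base directory by normalising both separators and comparing the result against the base, rather than by stripping substrings from the input. The combined-style access-log format, the base directory and the sample log lines are constructed assumptions.

```python
"""Detection and mitigation helpers for the id-parameter traversal pattern."""
import posixpath
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint name as given in the advisory; everything else here is a constructed assumption.
SUSPECT_PATH = "/ui/sys_ui_extend/sysUiExtend.do"


def decode_fully(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so %2e%2e%2f and double-encoded forms are normalised."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(param_value: str) -> bool:
    """True when the value contains a '..' path step using either '/' or '\\' as separator."""
    cleaned = decode_fully(param_value).replace("\\", "/")
    return any(segment == ".." for segment in cleaned.split("/"))


def safe_resolve(base_dir: str, requested: str) -> str:
    """Resolve a user-supplied relative path inside base_dir or raise ValueError.

    Backslashes are treated as separators (the Windows '..\\' case noted above), the
    joined path is normalised, and the result is checked against the base. A value
    that escapes the base, including an absolute path, is rejected.
    """
    cleaned = decode_fully(requested).replace("\\", "/")
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, cleaned))
    if candidate != base and not candidate.startswith(base.rstrip("/") + "/"):
        raise ValueError(f"path escapes base directory: {requested!r}")
    return candidate


# Assumed Apache/nginx combined-style request line: "METHOD target HTTP/x.y"
LOG_LINE_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def flag_log_lines(lines):
    """Return (line_number, decoded id) for requests to SUSPECT_PATH with a traversal step."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = LOG_LINE_RE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group("target"))
        if parts.path != SUSPECT_PATH:
            continue
        for value in parse_qs(parts.query).get("id", []):
            if has_traversal(value):
                hits.append((number, decode_fully(value)))
    return hits


# Constructed sample access-log lines; the requested file names are illustrative only.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Jul/2025:16:32:01 +0000] "GET /ui/sys_ui_extend/sysUiExtend.do?id=report-2025 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [17/Jul/2025:16:32:07 +0000] "GET /ui/sys_ui_extend/sysUiExtend.do?id=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 980',
    '10.0.0.9 - - [17/Jul/2025:16:32:09 +0000] "GET /ui/sys_ui_extend/sysUiExtend.do?id=..%5C..%5Cplaceholder-config.ini HTTP/1.1" 200 1320',
    '10.0.0.7 - - [17/Jul/2025:16:33:00 +0000] "GET /login.jsp HTTP/1.1" 200 4010',
]

if __name__ == "__main__":
    for number, value in flag_log_lines(SAMPLE_LOG):
        print(f"line {number}: traversal in id={value!r}")
    print(safe_resolve("/srv/ekp/files", "reports/q3.txt"))
```

The check deliberately runs after full decoding and treats both separators alike, so a filter that only removes literal '../' from the raw query string (the weakness the Windows '..\' bypass relies on) is not repeated here; the resolution routine decides by where the normalised path ends up, not by what the input looks like.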

Added: Jul 17, 2025, 4:32 PM
Updated: Jul 17, 2025, 4:32 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.