Select Page

Jul 9, 2023

Breaking the Mold: Halting a Hacker’s Code ep. 15 – Weaver E-cology9 ofsLogin.jsp Arbitrary User Login

by

Introduction

Weaver E-cology9 is an integrated mobile office cloud platform that provides a range of applications including work reporting, project tasks, CRM, knowledge sharing, approval processes, and data collaboration. Recently, a high-severity vulnerability was discovered in Weaver E-cology9, which allows attackers to log in as arbitrary users by exploiting a hard-coded third-party login key.

Vulnerability

The ofslogin.jsp vulnerability in the mobile plugin of Weaver E-cology9 allows attackers to exploit a flawed login process. By accessing the ofsLogin.jsp file and providing specific parameters, including syscode, receiver, timestamp, loginTokenFromThird, and gopage, attackers can manipulate the loginTokenFromThird value. If the provided loginTokenFromThird value matches the generated loginTokenFromThird2 value, the login process continues. Subsequently, the syscode parameter is used to query the ofs_sendinfo table, examining the hrmtransrule field. If this field is either empty or set to ‘1’, the loginid field in the HrmResource table is used to search for user information based on the receiver value. Upon successful identification of user information, a session is generated, granting the attacker unauthorized access as the forged user. This exploit enables the attacker to gain complete control over the Weaver E-cology9 platform and its associated privileges.

Affected Version

E-cology9 < V10.57.2

Remediation

Official fix: The vendor has released the patches, and we recommend that users upgrade to E-cology9 V10.57.2 or a later version. Please visit:

https://www.weaver.com.cn/cs/securityDownload_en.html?src=en

Implementing the Fix

The Hillstone Networks Intrusion Prevention System (NIPS) and Hillstone Breach Detection System (BDS) can support the detection and protection of this vulnerability.

Figure 1. Hillstone Networks NIPS detects and protects users from this vulnerability
Figure 2. Upgrade IDS signature database to make Hillstone Networks BDS detect and protect users from this vulnerability

The hotspot intelligence of this vulnerability is available on Hillstone Networks iSource as well.

Figure 3. The intelligence of this vulnerability on Hillstone Networks iSource