Member Login
menu

Income Tax India Patches Bug That Could Have Allowed Hackers Hack Its Website

20/02/2020

The Income Tax India website had a security flaw that could have allowed hackers to deface or even totally hack its website.

Discovered by Dhiraj Mishra, the security researcher found that the site was susceptible to a previously disclosed remote code execution vulnerability on Microsoft SharePoint, identified as CVE-2019-0604. This flaw was already added to the National Vulnerability Database of the U.S. department of commerce back on March 5, 2019.

What this means, The Income Tax India's website was vulnerable for about one year.

According to Mishra, the vulnerability was reported to the Indian Computer Emergency Response Team (CERT-in) on February 12.

The issue was acknowledged the next day, and was patched over the following days, without further information at the same.

incometaxindia.gov.in - CVE-2019-0604
The incometaxindia.gov.in had a dangerous flaw. (Credit: Dhiraj Mishra)

According to Mishra on a website post:

"Few days ago I saw a post from alienvault which says attackers are still exploiting SharePoint vulnerability to attack middle east government organization. Having said that I found Income Tax Department India and MIT Sloan was also vulnerable to CVE-2019-0604 a remote code execution vulnerability which exists in Microsoft SharePoint. A malicious actor could exploit this vulnerability by simply sending a specially crafted SharePoint application package."

"I found this vulnerability during my free time while I was browsing to ZoomEye to find such component. The application (incometaxindia.gov.in) was found to be vulnerable as it was using SharePoint as a technology to host its service. To verify this I've sent a crafted payload which enable the remote server (incometaxindia.gov.in) to perform a DNS lookup on my burp collaborator."

Remote code execution (RCE) vulnerabilities are common in the cyber security space.

On its advisory web page, Microsoft details CVE-2019-0604 as RCE that exists in Microsoft SharePoint when the software fails to check the source markup of an application package. Hackers who could exploit the vulnerability could run arbitrary code in the context of the SharePoint application pool and the SharePoint server farm account.

Exploitation of this vulnerability requires the hackers to first upload a specially crafted SharePoint application package to an affected version of SharePoint.

By exploiting the vulnerabilities, hackers with malicious intent can hack website from anywhere around the globe, allowing them to tap into their web servers and access the servers' file system, among other things.

In The Income Tax India's case, this particular bug can be critical since the files in its servers can be deemed sensitive, as it includes financial details of millions of individuals.

Fortunately, there was no loss of data due to the presence of this bug, since there has been no such disclosure from the Income Tax department.