| Field | Value |
|---|---|
| Title | TOTVS Food Service - BAC + IDOR leads to unauthorized access to SMS messages from other companies. |
| Description | "TOTVS Food Service, Standard plan, is ideal for bars, restaurants, cafeterias and other companies in the food segment, which value the quality of service and excellence in the financial management of the establishment."<br>The TOTVS Food Service - Standard product has a BAC + IDOR vulnerability on the endpoint:<br>`/message/form/<Base64 number 1-750>`<br>By changing this ID, we were able to edit the order status SMS message for restaurants/bars other than ours.<br>To reproduce this vulnerability, it is necessary to have a low-privilege account on a host that uses the TOTVS Food product.<br>The vulnerability affects all TOTVS customers who use this product.<br>`/message/form/NzQx` (base64 decode = 741)<br>`/message/form/MQ==` (base64 decode = 1)<br>`/message/form/NTI4`<br>Video Link PoC: https://www.youtube.com/watch?v=yjc92hb6T8s<br>Credentials for test and URL: https://totvsfood.ninegrid.com.br/<br>Login: [email protected]<br>Password: ninegrid123 |
| Source | https://totvs.store/br/produto/totvs-food-service-standard.html |
| User | Stux (UID 40142) |
| Submission | 30/04/2023 06:08 AM (3 years ago) |
| Moderation | 30/04/2023 07:52 AM (2 hours later) |
| Status | Approved |
| VulDB Entry | 227759 [TOTVS Food Service Order Status /message/form/ authorization bypass] |
| Points | 20 |