| Title | TOTVS Food Service - BAC + IDOR leads to unauthorized access to SMS messages from other companies. |
|---|
| Description | "TOTVS Food Service, Standard plan, is ideal for bars, restaurants, cafeterias and other companies in the food segment, which value the quality of service and excellence in the financial management of the establishment."
The TOTVS Food Service - Standard product has a BAC + IDOR vulnerability on the endpoint:
/message/form/<Base64 number 1-750>
By changing this ID, we were able to edit the order status SMS message for restaurants/bars other than ours.
To reproduce this vulnerability, it is necessary to have a low-privilege account on a host that uses the TOTVS Food product.
The vulnerability affects all TOTVS customers who use this product.
/message/form/NzQx (base64 decode=741)
/message/form/MQ== (base64 decode=1)
/message/form/NTI4
Video Link PoC:
https://www.youtube.com/watch?v=yjc92hb6T8s
Credentials for test and url:
https://totvsfood.ninegrid.com.br/
Login: [email protected]
Password: ninegrid123 |
|---|
| Source | https://totvs.store/br/produto/totvs-food-service-standard.html |
|---|
| User | Stux (UID 40142) |
|---|
| Submission | 2023-04-30 06:08 (3 years ago) |
|---|
| Moderation | 2023-04-30 07:52 (2 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 227759 [TOTVS Food Service Order Status /message/form/ privilege escalation] |
|---|
| Points | 20 |
|---|
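The weakness described in the submission is a classic IDOR: the `/message/form/<id>` path carries a Base64-encoded sequential number, and the server loads the record by that number without checking that it belongs to the caller's company. The following is an added illustration written for this page, not code from TOTVS, the submitter or VulDB. It assumes a hypothetical in-memory store of message templates (`MESSAGES`), a `User` with a `company_id`, and two lookup functions: one that reproduces the broken access control and one that scopes the lookup to the caller's tenant. The three Base64 tokens are the ones quoted in the submission; the company IDs and template texts are constructed sample data.

```python
import base64
import binascii
from dataclasses import dataclass
from typing import Optional


@dataclass
class MessageTemplate:
    """Hypothetical order-status SMS template owned by one company (tenant)."""
    id: int
    company_id: int
    text: str


@dataclass
class User:
    """Hypothetical low-privilege account belonging to exactly one company."""
    username: str
    company_id: int


# Constructed sample data: three templates owned by three different companies.
MESSAGES = {
    1: MessageTemplate(1, 100, "Your order is being prepared"),
    528: MessageTemplate(528, 200, "Your order is on its way"),
    741: MessageTemplate(741, 300, "Your order is ready for pickup"),
}


class NotFound(Exception):
    """Maps to HTTP 404 in a real handler."""


def decode_message_id(token: str) -> int:
    """Decode the Base64 path segment (e.g. 'NzQx' -> 741).

    Malformed padding, non-Base64 characters or non-numeric payloads are all
    treated as 'not found' rather than raising a server error.
    """
    try:
        raw = base64.b64decode(token, validate=True)
        return int(raw.decode("ascii"))
    except (binascii.Error, UnicodeDecodeError, ValueError):
        raise NotFound(f"invalid message id token: {token!r}")


def load_message_vulnerable(user: User, token: str) -> MessageTemplate:
    """Broken access control: the record is fetched by ID alone.

    Any authenticated user can read (and, in the real handler, edit) a template
    belonging to any other company simply by changing the token.
    """
    message_id = decode_message_id(token)
    try:
        return MESSAGES[message_id]
    except KeyError:
        raise NotFound(f"message {message_id} does not exist")


def find_message_for_company(company_id: int, message_id: int) -> Optional[MessageTemplate]:
    """Tenant-scoped lookup: the owner is part of the query, not an afterthought.

    In a database-backed implementation this is the
    'WHERE id = ? AND company_id = ?' clause; the record is never materialised
    for the wrong tenant at all.
    """
    message = MESSAGES.get(message_id)
    if message is None or message.company_id != company_id:
        return None
    return message


def load_message(user: User, token: str) -> MessageTemplate:
    """Hardened handler: the caller's company is taken from the session, never
    from the request, and the lookup is scoped to it.

    A foreign ID and a non-existent ID both yield 404, so the response does not
    reveal which IDs exist for other companies.
    """
    message_id = decode_message_id(token)
    message = find_message_for_company(user.company_id, message_id)
    if message is None:
        raise NotFound(f"message {message_id} not found for company {user.company_id}")
    return message


if __name__ == "__main__":
    alice = User("alice", company_id=100)
    print("vulnerable:", load_message_vulnerable(alice, "NzQx"))  # another company's record
    print("hardened  :", load_message(alice, "MQ=="))             # alice's own record
    try:
        load_message(alice, "NzQx")
    except NotFound as exc:
        print("hardened  :", exc)
```

The detection angle follows from the same design: once every lookup is scoped by `company_id`, a burst of 404s from one session across many sequential IDs is the only trace an enumeration attempt leaves, and it is a cheap signal to alert on. The decoding helper also shows why the Base64 wrapper adds no protection: it is an encoding, not an authorization check.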