RICOH Web Image Monitor 1.09 – HTML Injection

  • Author: Ismail Tasdelen
    Date: 2019-12-30
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/47827/
  • # Exploit Title: RICOH Web Image Monitor 1.09 - HTML Injection
    # Date: 2019-05-06 
    # Exploit Author: Ismail Tasdelen
    # Vendor Homepage: https://www.ricoh.com/
    # Hardware Link: http://support-download.com/services/device/webhlp/nb/gen/v140cc1/en/p_top010.html
    # Software: RICOH Web Image Monitor
    # Product Version: v1.09
    # Vulnerability Type: Code Injection
    # Vulnerability: HTML Injection
    # CVE: N/A
    
    # Description:
    # In version v1.09 of RICOH Web Image Monitor, HTML injection is
    # possible in the /web/entry/en/address/adrsSetUserWizard.cgi
    # function. The vulnerability affects all hardware that runs
    # Image Monitor v1.09.
    
    # Attack Vectors :
    
    HTML injection is possible through the entryNameIn and entryDisplayNameIn inputs of this function.
    HTML Injection Payload : "><h1>ismailtasdelen
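
The fix for this class of bug is output encoding. The sketch below is an added example, not code from the advisory or from RICOH: it shows the quoted payload closing a quoted attribute and starting a new element, and the same value staying inert once encoded. The template, the function names, and the premise that the value is reflected inside a quoted `value` attribute are assumptions, since the device's markup is not shown on the page.

```python
import html
from html.parser import HTMLParser

# Payload exactly as quoted in the advisory.
PAYLOAD = '"><h1>ismailtasdelen'

# Hypothetical template (assumption): the real device markup is not on the page.
TEMPLATE = '<form><input type="text" name="entryNameIn" value="{value}"></form>'
EXPECTED_TAGS = ["form", "input"]


def render_unsafe(value: str) -> str:
    """Interpolate the submitted value verbatim (the flawed pattern)."""
    return TEMPLATE.format(value=value)


def render_safe(value: str) -> str:
    """Encode &, <, > and both quote characters before interpolation."""
    return TEMPLATE.format(value=html.escape(value, quote=True))


class _Collector(HTMLParser):
    """Records every start tag and the value attribute of each <input>."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.values = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.values.append(dict(attrs).get("value"))


def parse(markup: str):
    """Return (start tags in document order, input value attributes)."""
    collector = _Collector()
    collector.feed(markup)
    collector.close()
    return collector.tags, collector.values


def injects_markup(markup: str) -> bool:
    """True when the rendered page holds elements the template did not define."""
    return parse(markup)[0] != EXPECTED_TAGS
```

The same structural check can serve as a regression test for any address-book field that is echoed back into a page.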