computerqert.blogg.se

Mont125c und nodak web guest websys webarch mainframe










# Exploit Title: RICOH MP C4503 Web Image Monitor XSS and HTML injection
# Google Dork: inurl:/web/guest/en/websys/webArch/mainFrame.cgi
# Affected Product: RICOH MP C4503 Web Image Monitor
# Reference: MP C4503 Web Image Monitor XSS and HTML injection
# Vulnerability: Cross site scripting (Reflected) & HTML injection

There are two modes available with Web Image Monitor: guest mode and administrator mode. Displayed items may differ depending on the machine type.

Guest Mode: This mode requires no login to enter. In guest mode, machine status, settings, and print job status can be viewed, but the machine settings cannot be changed.

The web portal of the RICOH MP C4503 Web Image Monitor application is vulnerable to HTML injection, reflected cross-site scripting and sensitive data disclosure. A request made to the HTTP site of the printer causes the application to redirect to the HTTPS site, injecting the URI value into the response in order to redirect to the site URL.

GET /web/guest/en/websys/webArch/mainFrame.cgi'/>alert(okie)hello Web Image Monitor alert(document.








