Exploits / Vulnerability Discovered : 2018-04-09 |
Type : webapps |
Platform : linux
This exploit / vulnerability, KYOCERA Net Admin 3.4 cross-site request forgery (add admin), is for educational purposes only; if you use it, you do so at your own risk!
[+] Code ...
#Vendor: KYOCERA Corporation
#Product https://global.kyocera.com
#Affected version: 3.4.0906
#
#Summary: KYOCERA Net Admin is Kyocera's unified
#device management software that uses a web-based
#platform to give network administrators easy and
#uncomplicated control to handle a fleet for up to
#10,000 devices. Tasks that used to require multiple
#programs or walking to each printer can now be
#accomplished in a single, fast and modern environment.
#
#Desc: The application interface allows users to perform
#certain actions via HTTP requests without performing
#any validity checks to verify the requests. This can
#be exploited to perform certain actions with administrative
#privileges if a logged-in user visits a malicious web
#site.
#
#Tested on: Microsoft Windows 7 Professional SP1 (EN)
#Apache Tomcat/8.5.15
#
#
#Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
#@zeroscience
#
#
#Advisory ID: ZSL-2018-5458
#Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5458.php