Ricoh web image monitor 1.09 html injection Vulnerability / Exploit
Exploits / Vulnerability Discovered : 2019-12-30 |
Type : webapps |
Platform : hardware
This exploit / vulnerability Ricoh web image monitor 1.09 html injection is for educational purposes only; if it is used, you do so at your own risk!
# Description :
# It has been discovered that Image Monitor v1.09 from RICOH is
# vulnerable to HTML injection in the /web/entry/en/address/adrsSetUserWizard.cgi
# function. This vulnerability affects all hardware that uses
# Image Monitor v1.09.
# Attack Vectors :
HTML injection is possible through the entryNameIn and entryDisplayNameIn inputs of that function.
HTML Injection Payload : "><h1>ismailtasdelen
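The following is an added example, not code from the advisory or from Ricoh: a check that flags markup characters in the two fields named above, and an output-encoding routine that renders the same value inertly. It assumes the request body is form-encoded and that the value is echoed into a quoted HTML attribute; `render_input`, the `/other.cgi` path and the sample requests are hypothetical and constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Path and field names are the ones named in the advisory.
TARGET_PATH = "/web/entry/en/address/adrsSetUserWizard.cgi"
FIELDS = ("entryNameIn", "entryDisplayNameIn")
# Characters that let a value leave a quoted attribute or open a tag.
MARKUP = re.compile(r'[<>"]')

def suspicious_fields(path, body):
    """Return {field: decoded value} for advisory fields carrying markup characters."""
    if path.split("?", 1)[0] != TARGET_PATH:
        return {}
    params = parse_qs(body, keep_blank_values=True)  # assumes a form-encoded body
    hits = {}
    for name in FIELDS:
        for value in params.get(name, []):
            if MARKUP.search(value):
                hits[name] = value
    return hits

def render_input(name, value):
    """Hypothetical template: echo the value into a quoted attribute, entity-encoded."""
    return '<input name="{}" value="{}">'.format(name, html.escape(value, quote=True))

# Constructed sample requests as (path, body) pairs.
SAMPLES = [
    (TARGET_PATH, "entryNameIn=Front+Desk&entryDisplayNameIn=Front+Desk"),
    (TARGET_PATH, "entryNameIn=%22%3E%3Ch1%3Eismailtasdelen&entryDisplayNameIn=ok"),
    ("/other.cgi", "entryNameIn=%3Cb%3E"),  # different endpoint, out of scope
]

if __name__ == "__main__":
    for path, body in SAMPLES:
        hits = suspicious_fields(path, body)
        print(path, "->", hits or "clean")
        for name, value in hits.items():
            print("  encoded:", render_input(name, value))
```

Encoding at output time is the fix; the input check is only useful as a detection signal in request logs or a reverse proxy in front of the device.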