提出 #493666: Konica Minolta Web Connection bizhub C368 Cross-Site Request Forgery情報

タイトルKonica Minolta Web Connection bizhub C368 Cross-Site Request Forgery
説明A unprotected page for authentication can leads to trigger cross site scripting. Attack vector(s) 1. Once the attacker finds the unprotected printer page, navigate to "Box" option found on home page. 2. Click on "User Box List" and register a box. 3. It will show under "User Box list", there click on delete, it will ask for the confirmation, click "ok" and intercept the request then drop it after making csrf POC. 4. Now open the CSRF poc file and trigger the request, it can be seen that the Box has been deleted.
ソース⚠️ https://drive.google.com/file/d/1pECiiSWdB_ERzzGrc--WY63IzZxR6i6L/view
ユーザー
 Upasana (UID 12274)
送信2025年02月02日 10:36 (1 年 ago)
モデレーション2025年06月09日 07:47 (4 months later)
ステータス承諾済み
VulDBエントリ311656 [Konica Minolta bizhub 迄 20250202 クロスサイトリクエストフォージェリ]
ポイント20

Do you want to use VulDB in your project?

Use the official API to access entries easily!