제출 #493666: Konica Minolta Web Connection bizhub C368 Cross-Site Request Forgery정보

제목Konica Minolta Web Connection bizhub C368 Cross-Site Request Forgery
설명A unprotected page for authentication can leads to trigger cross site scripting. Attack vector(s) 1. Once the attacker finds the unprotected printer page, navigate to "Box" option found on home page. 2. Click on "User Box List" and register a box. 3. It will show under "User Box list", there click on delete, it will ask for the confirmation, click "ok" and intercept the request then drop it after making csrf POC. 4. Now open the CSRF poc file and trigger the request, it can be seen that the Box has been deleted.
원천⚠️ https://drive.google.com/file/d/1pECiiSWdB_ERzzGrc--WY63IzZxR6i6L/view
사용자
 Upasana (UID 12274)
제출2025. 02. 02. AM 10:36 (1 년도 ago)
모더레이션2025. 06. 09. AM 07:47 (4 months later)
상태수락
VulDB 항목311656 [Konica Minolta bizhub 까지 20250202 교차 사이트 요청 위조]
포인트들20

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!