| tiêu đề | Konica Minolta Web Connection bizhub C368 Cross-Site Request Forgery |
|---|
| Mô tả | A unprotected page for authentication can leads to trigger cross site scripting.
Attack vector(s)
1. Once the attacker finds the unprotected printer page, navigate to "Box" option found on home page.
2. Click on "User Box List" and register a box.
3. It will show under "User Box list", there click on delete, it will ask for the confirmation, click "ok" and intercept the request then drop it after making csrf POC.
4. Now open the CSRF poc file and trigger the request, it can be seen that the Box has been deleted. |
|---|
| Nguồn | ⚠️ https://drive.google.com/file/d/1pECiiSWdB_ERzzGrc--WY63IzZxR6i6L/view |
|---|
| Người dùng | Upasana (UID 12274) |
|---|
| Đệ trình | 02/02/2025 10:36 (cách đây 1 Năm) |
|---|
| Kiểm duyệt | 09/06/2025 07:47 (4 months later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 311656 [Konica Minolta bizhub đến 20250202 Giả mạo yêu cầu liên trang] |
|---|
| điểm | 20 |
|---|