Ethical Hacking Automation

Automate Recon and scanning process with Vidoc. All security teams in one place

Kyocera Command Center RX ECOSYS M2035dn - Local File Inclusion

By kannthu

High
Vidoc logoVidoc Module
#edb#printer#iot#kyocera#lfi
Description

What is the "Kyocera Command Center RX ECOSYS M2035dn - Local File Inclusion?"

The "Kyocera Command Center RX ECOSYS M2035dn - Local File Inclusion" module is designed to detect a vulnerability in the Kyocera Command Center RX ECOSYS M2035dn software. This vulnerability allows unauthenticated local file inclusion, which can lead to unauthorized access to sensitive files on the system. The severity of this vulnerability is classified as high.

This module was authored by 0x_Akoko.

Impact

If exploited, the local file inclusion vulnerability in the Kyocera Command Center RX ECOSYS M2035dn software can allow an attacker to access sensitive files on the system. This can potentially lead to unauthorized disclosure of sensitive information or even compromise the entire system.

How the module works?

The module works by sending a specific HTTP request to the target system. It attempts to access the "/js/../../../../../../../../etc/passwd%00.jpg" path, which is a common technique used to exploit local file inclusion vulnerabilities.

The module then applies matching conditions to determine if the vulnerability is present. It checks if the response contains the string "root:[x*]:0:0" using a regular expression matcher. Additionally, it verifies that the response status is 200, indicating a successful request.

By detecting these conditions, the module can determine if the Kyocera Command Center RX ECOSYS M2035dn software is vulnerable to unauthenticated local file inclusion.

For more information, you can refer to the following references:

- https://www.exploit-db.com/exploits/50738 - https://

Module preview

Concurrent Requests (1)
1. HTTP Request template
GET/js/../../../../../....
Matching conditions
regex: root:[x*]:0:0and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability