Share
# Exploit Title: RICOH Web Image Monitor 1.09 - HTML Injection  
# Date: 2019-05-06   
# Exploit Author: Ismail Tasdelen  
# Vendor Homepage: https://www.ricoh.com/  
# Hardware Link: http://support-download.com/services/device/webhlp/nb/gen/v140cc1/en/p_top010.html  
# Software: RICOH Web Image Monitor  
# Product Version: v1.09  
# Vulernability Type: Code Injection  
# Vulenrability: HTML Injection  
# CVE: N/A  
  
# Descripton :  
# It has been discovered that in the v1.09 version of Image Monitor from  
# RICOH, HTML Injection can be run on the /web/entry/en/address/adrsSetUserWizard.cgi  
# function. This vulnerability affected all hardware that uses the entire  
# Image Monitor v1.09.  
  
# Attack Vectors :  
  
You can run HTML Injection on the entryNameIn and entryDisplayNameIn in the corresponding function.  
HTML Injection Payload : "><h1>ismailtasdelen