Larry Kiterling
asked on
HP Printer SQL Injection vulnerability resolution
We have a P4515 that is showing the vulnerability below. I could not find anything related online. Any help would be great.
HP printer
Description Integer based SQL injection vulnerability in enableAS parameter to /hp/device/this.LCDispatcher?nav=hp.AutoSend
Confirmed Yes
Severity Level Critical
Severity user file read access
Tutorial SQL injection
Service 443:TCP
Technical Details Normal Request:
POST /hp/device/this.LCDispatcher?nav=hp.AutoSend HTTP/1.0
Host: 10.91.2.62
User-Agent: Mozilla/5.0
Content-length: 447
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
Cookie: MFPSESSIONID=010044D3A0E5EAC6706FBFCDE3B6884CAD189BF8917D1CD7FFA22017072703064703C1
bar=yes,location=
ASKER
So what would be the solution or is there not one?
Maybe a firmware update will fix it :)
What is yours now? Even if it does not, it is good to get new firmware... as long as it installed successfully
P4515 Support
https://support.hp.com/us-en/product/HP-LaserJet-P4510-Printer-series/3558888/model/3558889
P4515 Firmware
https://support.hp.com/us-en/drivers/selfservice/hp-laserjet-p4510-printer-series/3558888/model/3558889
Current version
HP LaserJet CP4015 Series Printer Firmware (Includes Code Signing) for - All Operating Systems - (Must Read README Before Installing)
04.270.2 29.9 MB Jan 24, 2017
Exploiting Integer Based SQL Injection In Nested SQL Queries
https://blog.gdssecurity.com/labs/2013/10/8/exploiting-integer-based-sql-injection-in-nested-sql-queries.html
Basically what it says is, if you change enableAS values and post it to "this.LCDispatcher?nav=hp"
meaning, you can get access to all of your results this way...
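
Added example, not part of the original thread and not HP firmware code: a minimal Python/sqlite3 sketch of why an integer-context parameter such as enableAS is injectable even when quotes are escaped, next to the server-side fix (strict allow-list parsing plus a bound parameter). The table, column names, sample rows and the 0/1 value range are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory table standing in for device settings."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE autosend "
               "(id INTEGER PRIMARY KEY, enabled INTEGER, dest TEXT)")
    db.executemany("INSERT INTO autosend (enabled, dest) VALUES (?, ?)",
                   [(1, "ops@example.test"), (0, "archive@example.test")])
    return db

def lookup_vulnerable(db, enable_as):
    """Integer context: the value is concatenated without quotes, so
    escaping quotes (done here) does not stop extra SQL from being parsed."""
    escaped = enable_as.replace("'", "''")
    sql = "SELECT dest FROM autosend WHERE enabled = " + escaped
    return sorted(row[0] for row in db.execute(sql))

def parse_flag(raw):
    """Allow-list: accept only the literal strings '0' and '1' (assumed range)."""
    if raw not in ("0", "1"):
        raise ValueError("enableAS must be 0 or 1")
    return int(raw)

def lookup_hardened(db, enable_as):
    """Validate first, then pass the value as a bound parameter."""
    flag = parse_flag(enable_as)
    rows = db.execute("SELECT dest FROM autosend WHERE enabled = ?", (flag,))
    return sorted(row[0] for row in rows)

if __name__ == "__main__":
    db = make_db()
    tampered = "1 OR 1=1"  # constructed sample of a non-integer value
    print("vulnerable, normal  :", lookup_vulnerable(db, "1"))
    print("vulnerable, tampered:", lookup_vulnerable(db, tampered))
    print("hardened, normal    :", lookup_hardened(db, "1"))
    try:
        lookup_hardened(db, tampered)
    except ValueError as exc:
        print("hardened, tampered  : rejected:", exc)
```

On an appliance the code cannot be changed by the owner, so the practical equivalents are the firmware update suggested above and restricting who can reach the embedded web server on 443/TCP.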