------------------------------------------------------------------ - EXPL-A-2003-018 exploitlabs.com Advisory 018 ------------------------------------------------------------------ -= HP Color LaserJet 4550 =- Donnie Werner July 22, 2003 http://exploitlabs.com Product: -------- Hewlet Packard Color LaserJet 4550 ( possibly others ) Vunerability(s): ---------------- 1. Remote Persistant Xss DoS 2. no default password Description of product: ----------------------- "Designed for business professionals who want to communicate more effectively using high-quality, professional - looking color documents" VUNERABILITY / EXPLOIT ====================== 1. Remote Persistant Xss DoS ------------------------------- The remote administration interface of the HP Color LaserJet 4550 uses extensive javascript in building dynamic content for administration of the printers setup and manegment. uhh oh.. Detail: by introducing XSS we render the remote interface useless... Example 1. Add Link: The HP allows an inclusion of a user definable link... http://[printer-ip]/hp/device/this.LCDispatcher?update=html&cat=0&pos=0&submit=go http://[printer-ip]/hp/device/this.LCDispatcher as you can see the left hand menu has completly been rendered useless... ( sorry ) Device: LINKS: when re-renderd we get weird out put depending on the JS used.. some examples.. http://