CVE-2023-27350

This exploit leverages CVE-2023-27350 to achieve remote code execution (RCE) on PaperCut NG/MG versions 8.0 and later by manipulating user synchronization settings and injecting a reverse shell payload via the login form.

This exploit bypasses authentication in PaperCut NG/MG by leveraging a vulnerable endpoint to access the Dashboard without credentials. It first checks the version via the SetupCompleted page and then provides a URL to bypass the login.

This repository contains a functional exploit for CVE-2023-27350, which chains an authentication bypass with abuse of built-in scripting functionality in PaperCut MF/NG to achieve remote code execution. The exploit automates the process of obtaining a valid session, enabling script execution, and executing arbitrary commands.

The repository contains a functional Python script that exploits an authentication bypass vulnerability in PaperCut MF/NG by checking the version and providing a URL to bypass authentication. It demonstrates the vulnerability by accessing the SetupCompleted page and then suggesting a crafted URL for dashboard access.

This repository contains a functional exploit for CVE-2023-27350, targeting PaperCut MF/NG. The exploit allows unauthenticated remote code execution (RCE) by manipulating printer script settings and injecting malicious commands.

The repository contains a Python script that scans for vulnerable versions of PaperCut MF/NG by checking the version number from a specific endpoint. It does not exploit the vulnerability but identifies potentially vulnerable instances.

This repository contains a functional exploit for CVE-2023-27350, which leverages improper access controls in the `SetupCompleted` Java class of PaperCut servers to achieve unauthenticated remote code execution (RCE). The exploit automates the process of reconfiguring server settings to enable script execution and reverts changes upon exit.

The repository contains a Python script that scans for CVE-2023-27350, an authentication bypass vulnerability in PaperCut MF/NG. It checks for vulnerable versions by accessing specific endpoints and parsing the response.

This repository contains a functional Bash script that exploits CVE-2023-27350, an authentication bypass and remote code execution vulnerability in PaperCut NG/MG. The script automates the exploitation process, including bypassing authentication, enabling script execution, and injecting a command via the printer scripting engine.

This repository contains a functional exploit for CVE-2023-27350, which chains an authentication bypass with abuse of built-in scripting functionality in PaperCut MF/NG to achieve remote code execution. The exploit automates the process of obtaining a valid session, enabling scripting, and executing arbitrary commands.

This PoC demonstrates an authentication bypass vulnerability in PaperCut MF/NG by accessing specific endpoints without valid credentials. It includes a Python script that checks the version and provides steps to exploit the vulnerability.

The repository describes an authentication bypass vulnerability in PaperCut NG 22.0.5 (Build 63914) due to improper access control in the SetupCompleted class, allowing remote attackers to execute arbitrary code as SYSTEM without authentication.

The repository contains a Python script that scans for PaperCut servers vulnerable to CVE-2023-27350 by checking for specific HTML patterns in the response. It does not exploit the vulnerability but identifies potentially vulnerable targets.

This repository contains a detailed writeup for the Advent of Cyber '23 Side Quest, including descriptions of challenges, flags, and narrative context. It does not include exploit code but provides technical and contextual information about the challenges.

This Metasploit module exploits an authentication bypass in PaperCut NG (CVE-2023-27350) to modify server configurations and achieve remote code execution via the RhinoJS engine. It bypasses authentication, disables sandboxing, and executes arbitrary Java payloads.