Added Hewlett Packard LaserJet Printer - Default Login

[JohnAsbjorn]

Template / PR Information

I created a template that detected certain HP printer installations that use default credentials (Administrator:blank).

• Added hp-printer-default-credentials.yaml
• References: https://h30434.www3.hp.com/t5/Printing-Errors-or-Lights-Stuck-Print-Jobs/What-is-the-user-name-and-password-in-Embedded-Web-Server/td-p/6165417

Template Validation

I've validated this template locally?

• YES
• NO

Additional Details (leave it blank if not applicable)

Below, is the verified output confirming that the template works as intended and the matchers catch the vulnerability accurately.

The screenshots illustrate the initial GET request needed to access the login page, and the subsequent POST request made to the server using the default credentials and regex'd CSRF token. Lastly, the template matchers in the last screenshot show the template matched the words "User: Administrator" which is only present when successfully logged in as the administrator user, as well as the new cookies that are set with the Set-Cookie header in the response from the web server.

In total, the template is configured to match either the words "User: Administrator" or catch the new cookie that is offered by the server.

Additional References:

• Nuclei Template Creation Guideline
• Nuclei Template Matcher Guideline
• Nuclei Template Contribution Guideline
• PD-Community Discord server

[GeorginaReeder]

Thanks so much for your contribution @JohnAsbjorn , we appreciate it!

[JohnAsbjorn]

Always happy to help!