CVE-2020-25890 | XSS in Kyocera Printer - ECOSYS M2640IDW

Vitor Santos
Sep 15, 2020


This post describes how to exploit a Cross-Site Scripting vulnerability in the web panel of the Kyocera ECOSYS M2640IDW printer.

Web Panel Kyocera

PoC - exploiting XSS on web panel

Without being authenticated, it is possible to add a new address in the “Machine Address Book”; this feature lets users save frequently used destinations.

Add new address in “Machine Address book”

By inserting the XSS payload into the “Name” field and saving the address, the result of the attack can be observed when the stored entry is displayed.

XSS Payload
XSS on the page
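The two weaknesses the post relies on are (1) an address-book write that needs no session and (2) a page that renders the stored “Name” field into HTML without escaping. The following added example is not code from the post or from Kyocera's firmware; it is a hypothetical minimal address-book model with the vulnerable handler beside a hardened one, so the difference can be tested offline. The `AddressBook`, `Session`, `add_address_*` and `render_*` names and the sample entry are all constructed for illustration.

```python
import html
from dataclasses import dataclass, field


@dataclass
class Session:
    """Hypothetical web-panel session; only the auth flag matters here."""
    authenticated: bool = False


@dataclass
class AddressBook:
    """Hypothetical 'Machine Address Book' holding name/destination pairs."""
    entries: list = field(default_factory=list)


# Constructed sample input: a name that carries HTML markup.
CONSTRUCTED_NAME = "Alice <script>alert(1)</script>"
CONSTRUCTED_DESTINATION = "alice@example.invalid"


def add_address_vulnerable(book: AddressBook, session: Session, name: str, destination: str) -> bool:
    # Weakness 1: the session is never checked, so an unauthenticated
    # visitor can write into the address book.
    book.entries.append({"name": name, "destination": destination})
    return True


def add_address_hardened(book: AddressBook, session: Session, name: str, destination: str) -> bool:
    # Fix 1: refuse to modify the address book without an authenticated session.
    if not session.authenticated:
        return False
    book.entries.append({"name": name, "destination": destination})
    return True


def render_vulnerable(book: AddressBook) -> str:
    # Weakness 2: stored fields are concatenated straight into the HTML,
    # so any markup in "name" is interpreted by the browser (stored XSS).
    rows = "".join(
        f"<tr><td>{e['name']}</td><td>{e['destination']}</td></tr>"
        for e in book.entries
    )
    return f"<table>{rows}</table>"


def render_hardened(book: AddressBook) -> str:
    # Fix 2: HTML-escape every stored value at output time, so "<" becomes
    # "&lt;" and the markup is displayed as text instead of executed.
    rows = "".join(
        f"<tr><td>{html.escape(e['name'])}</td><td>{html.escape(e['destination'])}</td></tr>"
        for e in book.entries
    )
    return f"<table>{rows}</table>"


def demo() -> dict:
    """Run both variants against the constructed entry and report what each page contains."""
    anonymous = Session(authenticated=False)

    vulnerable_book = AddressBook()
    add_address_vulnerable(vulnerable_book, anonymous, CONSTRUCTED_NAME, CONSTRUCTED_DESTINATION)

    hardened_book = AddressBook()
    accepted = add_address_hardened(hardened_book, anonymous, CONSTRUCTED_NAME, CONSTRUCTED_DESTINATION)
    # Even if an authenticated user stores the same name, the hardened renderer neutralises it.
    add_address_hardened(hardened_book, Session(authenticated=True), CONSTRUCTED_NAME, CONSTRUCTED_DESTINATION)

    return {
        "anonymous_write_accepted_by_hardened": accepted,
        "vulnerable_page_has_script_tag": "<script>" in render_vulnerable(vulnerable_book),
        "hardened_page_has_script_tag": "<script>" in render_hardened(hardened_book),
        "hardened_page_escaped": "&lt;script&gt;" in render_hardened(hardened_book),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Escaping at output time (rather than trying to filter the input) is the check that matters for this class of bug: whatever is stored in the “Name” field is shown as literal text. The authentication check addresses the separate finding that the address book can be written to without a session.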
