Exploits / Vulnerability Discovered : 2023-04-03 | Type : webapps | Platform : multiple
This exploit / vulnerability, SQL Monitor 12.1.31.893 cross-site scripting (XSS), is for educational purposes only; if you use it, you do so at your own risk!
[Description]
A cross-site scripting (XSS) vulnerability in the web login page of
Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject
arbitrary web script or HTML via the returnUrl parameter.
[Affected Component]
The returnUrl parameter in
https://sqlmonitor.*.com/Account/Login?returnUrl=&hasAttemptedCookie=True
The affected element is the A tag under the span with the id value
"redirect-timeout".
[CVE Impact]
Disclosure of the user's session cookie, allowing an attacker to
hijack the user's session and take over the account.
[Attack Vectors]
To exploit the vulnerability, someone must click on the malicious A
HTML tag under the span with the "redirect-timeout" id value.
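
The mitigation for this class of bug, as an added example (not Redgate's code and not part of the original advisory): treat returnUrl as untrusted, accept it only as a same-site path, and attribute-encode it before writing it into the A tag under the "redirect-timeout" span. The function names, fallback path, link text and placeholder origin are assumptions.

```javascript
// Added example: hypothetical helpers, not SQL Monitor's implementation.
const FALLBACK = "/";                 // assumed safe landing page
const BASE = "https://app.invalid";   // placeholder origin used only for parsing

// Accept only same-site, path-absolute targets; anything else becomes FALLBACK.
function safeReturnUrl(raw) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;
  // Browsers normalise control characters and backslashes, which can turn
  // a value that looks local into an off-site URL.
  if (/[\u0000-\u001f\u007f\\]/.test(raw)) return FALLBACK;
  // Exactly one leading "/": rejects any scheme ("javascript:", "https:")
  // and protocol-relative "//host" values.
  if (!raw.startsWith("/") || raw.startsWith("//")) return FALLBACK;
  let parsed;
  try {
    parsed = new URL(raw, BASE);
  } catch {
    return FALLBACK;
  }
  // Resolving against the placeholder origin must not change the origin.
  if (parsed.origin !== BASE) return FALLBACK;
  // Re-serialise from parsed parts so quotes and angle brackets in the path
  // and query come back percent-encoded.
  return parsed.pathname + parsed.search + parsed.hash;
}

// HTML attribute encoding, applied even after validation (defence in depth).
function escapeAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return value.replace(/[&<>"']/g, (c) => map[c]);
}

// Render the redirect link the advisory names: an A tag under the span
// with id "redirect-timeout". The surrounding markup is assumed.
function renderRedirectLink(rawReturnUrl) {
  const href = escapeAttr(safeReturnUrl(rawReturnUrl));
  return `<span id="redirect-timeout"><a href="${href}">Continue</a></span>`;
}

// Constructed sample inputs: one legitimate path, three that must be rejected.
for (const sample of ["/Dashboard?tab=alerts", "javascript:void(0)",
                      "//example.org/x", '/x"><b>']) {
  console.log(JSON.stringify(sample), "->", renderRedirectLink(sample));
}
```

Session cookies marked HttpOnly are not readable from script, which limits the cookie-disclosure impact described above if an injection is missed elsewhere.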