0
[webapps] SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS)
source link: https://www.exploit-db.com/exploits/51218
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS)
Exploit:
/
# Exploit Title: SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS)
# Date: [12/21/2022 02:07:23 AM UTC]
# Exploit Author: [[email protected]]
# Vendor Homepage: [https://www.red-gate.com/]
# Software Link: [https://www.red-gate.com/products/dba/sql-monitor/]
# Version: [SQL Monitor 12.1.31.893]
# Tested on: [Windows OS]
# CVE : [CVE-2022-47870]
[Description]
Cross Site Scripting (XSS) in the web SQL monitor login page in Redgate
SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web
Script or HTML via the returnUrl parameter.
[Affected Component] affected returnUrl in
https://sqlmonitor.*.com/Account/Login?returnUrl=&hasAttemptedCookie=True
affected A tag under span with "redirect-timeout" id value
[CVE Impact]
disclosure of the user's session cookie, allowing an attacker to
hijack the user's session and take over the account.
[Attack Vectors]
to exploit the vulnerability, someone must click on the malicious A
HTML tag under span with "redirect-timeout" id value
[Vendor]
http://redgate.com
http://sqlmonitor.com
https://sqlmonitor.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK