SQL Monitor version 12.1.31.893 suffers from a cross site scripting vulnerability.
2e57c7f6591cbc8fdfe4907b4fcda1119484148e0e1fa475e83b9b3cd6e08241# Exploit Title: SQL Monitor 12.1.31.893 - Cross-Site Scripting (XSS)
# Date: [12/21/2022 02:07:23 AM UTC]
# Exploit Author: [geeklinuxman@gmail.com]
# Vendor Homepage: [https://www.red-gate.com/]
# Software Link: [https://www.red-gate.com/products/dba/sql-monitor/]
# Version: [SQL Monitor 12.1.31.893]
# Tested on: [Windows OS]
# CVE : [CVE-2022-47870]
[Description]
Cross Site Scripting (XSS) in the web SQL monitor login page in Redgate
SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web
Script or HTML via the returnUrl parameter.
[Affected Component] affected returnUrl in
https://sqlmonitor.*.com/Account/Login?returnUrl=&hasAttemptedCookie=True
affected A tag under span with "redirect-timeout" id value
[CVE Impact]
disclosure of the user's session cookie, allowing an attacker to
hijack the user's session and take over the account.
[Attack Vectors]
to exploit the vulnerability, someone must click on the malicious A
HTML tag under span with "redirect-timeout" id value
[Vendor]
http://redgate.com
http://sqlmonitor.com
https://sqlmonitor.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed