Asp.Net Zero v12.3.0 - HTML Injection Leads To Open Redirect via Websockets (CVE-2023-48003)
# Details
An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages.
# Exploit Title: Asp.Net Zero v12.3.0 - HTML Injection Leads To Open Redirect via Websockets
# Exploit Author: Metin Yunus Kandemir
# Vendor Homepage: https://aspnetzero.com/
# Software Link: https://aspnetzero.com/
# Version: Asp.Net Zero < v12.3.0
# Proof Of Concept
As a concept, messages are transmitted with websockets. A user can redirect the victim user to an arbitrary URL through a message.
1. Send following as message to targeted online user:
<META HTTP-EQUIV="refresh" ยป
CONTENT="0;url=https://target-url/">
2. The redirection is triggered without interaction when the message sent by the attacker appears on the victim user's dashboard.
# Proof Of Concept
PreviousADManager Plus Build < 7210 Elevation of Privilege Vulnerability (CVE-2024-24409)NextManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure (CVE-2023-31492)
Last updated
Was this helpful?