UI
  • ABOUT US
  • UNSAFE
    • sAMAccountName Spoofing in the Forest
    • Pass-the-Hash Attack Over Named Pipes Against ESET Server Security
    • Netcat Relay
    • Hiren's BootCD in the AD
    • Abusing LAPS
  • INLINE
    • Asena
    • Suyla
    • dcFinder
  • 0DAY
    • ADManager Plus Build < 7210 Elevation of Privilege Vulnerability (CVE-2024-24409)
    • Asp.Net Zero v12.3.0 - HTML Injection Leads To Open Redirect via Websockets (CVE-2023-48003)
    • ManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure (CVE-2023-31492)
    • Multiple ManageEngine Applications Critical Information Disclosure Vulnerability
    • Thecus N4800Eco Nas Server Control Panel Comand Injection
    • ManageEngine ADSelfService Plus 6.1 CSV Injection (CVE-2021-33256)
    • Openlitespeed Web Server 1.7.8 - Privilege Escalation (CVE-2021-26758)
    • KLOG Server (Authenticated) Command Injection (CVE-2021-3317)
    • Cokpit version 234 - Server Side Request Forgery (CVE-2020-35850)
    • KLOG Server Unauthenticated Command Injection (CVE-2020-35729)
    • Pearson Vue - VUEApplicationWrapper Unquoted Service Path (CVE-2020-36154)
    • Intel(r) Management and Security Application 5.2 - UNS Unquoted Service Path
    • BRAdmin Professional 3.75 - Unquoted Service Path
Powered by GitBook
On this page
  • # Details
  • # Proof Of Concept

Was this helpful?

  1. 0DAY

Asp.Net Zero v12.3.0 - HTML Injection Leads To Open Redirect via Websockets (CVE-2023-48003)

# Details

An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages.

# Exploit Title: Asp.Net Zero v12.3.0 - HTML Injection Leads To Open Redirect via Websockets
# Exploit Author: Metin Yunus Kandemir
# Vendor Homepage: https://aspnetzero.com/
# Software Link: https://aspnetzero.com/
# Version: Asp.Net Zero < v12.3.0

# Proof Of Concept
As a concept, messages are transmitted with websockets. A user can redirect the victim user to an arbitrary URL through a message.
1. Send following as message to targeted online user:

<META HTTP-EQUIV="refresh" »
CONTENT="0;url=https://target-url/">

2. The redirection is triggered without interaction when the message sent by the attacker appears on the victim user's dashboard.

# Proof Of Concept

PreviousADManager Plus Build < 7210 Elevation of Privilege Vulnerability (CVE-2024-24409)NextManageEngine ADManager Plus Build < 7183 - Recovery Password Disclosure (CVE-2023-31492)

Last updated 1 year ago

Was this helpful?

https://github.com/passtheticket/vulnerability-research/blob/main/aspnetzero_html_injection_via_websockets_messages.md