UI
Search
K

Asp.Net Zero v12.3.0 - HTML Injection Leads To Open Redirect via Websockets (CVE-2023-48003)

Details

An open redirect through HTML injection in user messages in Asp.Net Zero before 12.3.0 allows remote attackers to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages.
# Exploit Title: Asp.Net Zero v12.3.0 - HTML Injection Leads To Open Redirect via Websockets
# Exploit Author: Metin Yunus Kandemir
# Vendor Homepage: https://aspnetzero.com/
# Software Link: https://aspnetzero.com/
# Version: Asp.Net Zero < v12.3.0
# Proof Of Concept
As a concept, messages are transmitted with websockets. A user can redirect the victim user to an arbitrary URL through a message.
1. Send following as message to targeted online user:
<META HTTP-EQUIV="refresh" »
CONTENT="0;url=https://target-url/">
2. The redirection is triggered without interaction when the message sent by the attacker appears on the victim user's dashboard.

Screen Record About The Vulnerability