Posted by johnkennedy on Jan 03

The admin console’s event viewer displays logged event data inside of
<pre></pre> tags. An attack string like
“</pre><script>alert(‘hi’)</script>” in any place across Enterprise
Search that will cause an error, like instead of a number or for the
username on the login page or through the new Federated Authentication,
will then be stored in the event log. The payload will execute each…
Read More – Full Disclosure

By |2021-01-03T22:19:56-05:00January 3rd, 2021|