# Exploit Title: SQL Monitor - Cross-Site Scripting (XSS) 
# Date: [12/21/2022 02:07:23 AM UTC]
# Exploit Author: [[email protected]]
# Vendor Homepage: []
# Software Link: []
# Version: [SQL Monitor]
# Tested on: [Windows OS]
# CVE : [CVE-2022-47870]

 Cross Site Scripting (XSS) in the web SQL monitor login page in Redgate
 SQL Monitor allows remote attackers to inject arbitrary web
 Script or HTML via the returnUrl parameter.

 [Affected Component] affected returnUrl in
 affected A tag under span with "redirect-timeout" id value

 [CVE Impact]
 disclosure of the user's session cookie, allowing an attacker to
hijack the user's session and take over the account.

 [Attack Vectors]
 to exploit the vulnerability, someone must click on the malicious A
HTML tag under span with "redirect-timeout" id value