Disclosure Date:  07/06/2020

CVE-2020-15597

SOPlanning v1.46.01 and possibly before are affected by a persistent cross site scripting vulnerability that can be leveraged for session hijacking.  An attacker can exploit the XSS vulnerability, retrieve the session cookie from the administrator login, and take over the administrator account.

There was a time when almost everyone had on an on-premises Exchange Server.  Out of the box, Exchange Server isn't very secure for any number of reasons and even when you harden Active Directory, Exchange is still somewhat vulnerable.  When hosted Exchange solutions became en vogue, we started migrating everyone off of their on-prem boxes and a small weight was removed from our shoulders. 

Truth be told, I haven't attacked a hosted Exchange solution -- mostly because that's a grey area and it isn't necessary, phishing will do just fine.  But when we're talking about on-prem Exchange, we'll do a little recon and then we'll go after Outlook Web Access. 

I've been poking around HTB lately.  As I was Googling things and looking at the different boxes in the retired section, I saw a mention of Bank.  I think I started Bank at some point because the first couple of steps with DNS seemed vaguely familiar but sometimes I get pulled away from play time and I don't finish what I started.  So anyway, I had a free minute and started over again yesterday and I'm glad I found my way back because it was fun.  A little unrealistic as these things go sometimes but not annoyingly so.