Saturday, 21 September 2013


Microsoft SharePoint vulnerable to Exception Handling Web Vulnerability 

The Vulnerability Laboratory Research Team discovered a persistent web vulnerability in the official Microsoft SharePoint Online (cloud-based) application. The vulnerability allows remote attackers to inject their own malicious script code into a vulnerable module on the application side (persistent). It is located in the `Sharepoint Online Cloud 2013 Service` section and is triggered when the `Berechtigungen für den Metadatenspeicher festlegen` module is requested with manipulated ms-descriptionText > ctl00_PlaceHolderDialogBodySection_PlaceHolderDialogBodyMainSection_ValSummary parameters. The persistently injected script code executes in the main `invalid BDC Übereinstimmung` web application exception handling. The vulnerability can be exploited with a low-privileged (restricted) application user account and requires low or medium user interaction. Successful exploitation results in persistent session hijacking, persistent phishing, stable external redirects, stable external malware loads and persistent manipulation of the vulnerable module context.
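The class of bug described above, a stored value echoed unencoded into an error summary, can be checked with a small regression test. The following is an added example, not code from SharePoint or from the advisory; the function names, the `error-summary` class and the stored value are hypothetical and constructed for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample: a field value saved earlier by a low-privileged user.
STORED_VALUE = '<img src=x onerror="alert(1)">'

def render_error_unsafe(value):
    """'Before': the stored value is concatenated into the error summary as-is."""
    return '<div class="error-summary">No match for: ' + value + '</div>'

def render_error_safe(value):
    """'After': the value is HTML-encoded at output time, so it stays text."""
    return ('<div class="error-summary">No match for: '
            + html.escape(value, quote=True) + '</div>')

class _Collector(HTMLParser):
    """Records every start tag and text node an HTML parser sees."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

    def handle_data(self, data):
        self.text.append(data)

def inspect(rendered, template_tags=("div",)):
    """Return (unexpected_tags, visible_text) for a rendered error fragment."""
    parser = _Collector()
    parser.feed(rendered)
    parser.close()
    # Any tag the template itself does not emit must have come from the data.
    unexpected = [t for t in parser.tags if t[0] not in template_tags]
    return unexpected, "".join(parser.text)

if __name__ == "__main__":
    for render in (render_error_unsafe, render_error_safe):
        tags, text = inspect(render(STORED_VALUE))
        print(render.__name__, "->", "unexpected tags:", tags, "| text:", text)
```

Run against an application's real error templates, a non-empty `unexpected_tags` list flags an exception path that renders stored data as markup.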

The vulnerability is fixed.
