Vigil@nce: Microsoft SharePoint Server, Cross Site Scripting via help.aspx
May 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can use the help page of Microsoft SharePoint Server
to carry out a Cross Site Scripting attack.
– Severity: 2/4
– Creation date: 29/04/2010
– Revision date: 30/04/2010
DESCRIPTION OF THE VULNERABILITY
The help page of the Microsoft SharePoint Server environment is
managed by the script "/_layouts/help.aspx".
The "cid0" parameter of help.aspx indicates the name of the
Manifest file. For example:
help.aspx?cid0=MS.WSS.manifest.xml
However, if this parameter contains a null character, the text
located after it is inserted directly into the generated HTML page.
An attacker can therefore use the help page of Microsoft
SharePoint Server to carry out a Cross Site Scripting attack.
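A detection check for the condition described above, added here as an example (it is not part of the Vigil@nce bulletin or of any Microsoft code): it flags requests to help.aspx whose "cid0" value contains a null character, including a double-encoded one. It assumes W3C-style web server logs in which the query string is logged URL-encoded; the log lines, addresses and function names are constructed for illustration.

```python
from urllib.parse import unquote

HELP_PAGE = "/_layouts/help.aspx"  # script named in the bulletin
PARAM = "cid0"                     # parameter named in the bulletin

def has_null_in_cid0(stem, query, max_decode=2):
    """True if a help.aspx request carries a null character in cid0."""
    if stem.lower() != HELP_PAGE:
        return False
    # Split on the raw '&' and '=' before decoding, so an encoded
    # separator inside a value cannot hide or fake the parameter.
    for pair in query.split("&"):
        name, _, value = pair.partition("=")
        if unquote(name).lower() != PARAM:
            continue
        # Decode more than once to catch double encoding such as %2500.
        for _ in range(max_decode):
            value = unquote(value)
            if "\x00" in value:
                return True
    return False

def scan(lines):
    """Return (client_ip, raw_query) for each suspicious log line."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names for following rows
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        query = row.get("cs-uri-query", "")
        if has_null_in_cid0(row.get("cs-uri-stem", ""), query):
            hits.append((row.get("c-ip"), query))
    return hits

# Constructed sample log (assumed field layout, documentation IP range).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-04-29 10:00:01 GET /_layouts/help.aspx cid0=MS.WSS.manifest.xml 192.0.2.10 200
2010-04-29 10:00:05 GET /_layouts/help.aspx cid0=MS.WSS.manifest.xml%00EXAMPLE 192.0.2.20 200
2010-04-29 10:00:09 GET /_layouts/Help.aspx lcid=1033&CID0=MS.WSS.manifest.xml%2500EXAMPLE 192.0.2.30 200
2010-04-29 10:00:12 GET /default.aspx cid0=x%00y 192.0.2.40 200
""".splitlines()

if __name__ == "__main__":
    for ip, query in scan(SAMPLE_LOG):
        print(ip, query)
```

A legitimate manifest name has no reason to contain a null character, so any hit is worth reviewing.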
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Microsoft-SharePoint-Server-Cross-Site-Scripting-via-help-aspx-9620