Vigil@nce: Microsoft SharePoint, Cross Site Scripting
November 2008 by Vigil@nce
An attacker allowed to upload malicious content to Microsoft
SharePoint can create a Cross Site Scripting attack.
– Gravity: 1/4
– Consequences: data reading
– Provenance: user account
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: multiple sources (3/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 13/11/2008
IMPACTED PRODUCTS
– Microsoft Office SharePoint Portal Server
– Microsoft Office SharePoint Server
– SharePoint Team Services
– Windows SharePoint Services
DESCRIPTION
SharePoint users can upload HTML files to the server.
These files are not filtered, and the JavaScript code they contain
runs in the same context as documents uploaded by other users.
An attacker who lacks access to some information can therefore
invite the victim to read a malicious document, which then accesses
other documents with the victim’s rights.
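An added example, not part of the Vigil@nce bulletin and not Microsoft's code: one way a document store can serve uploads so that HTML files are downloaded instead of rendered in the application's origin. The function names, the type and extension lists, and the sample uploads are constructed assumptions.

```python
import os
import re

# Types and extensions a browser renders as active content in the serving origin.
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/xml", "application/xml"}
ACTIVE_EXTENSIONS = {".htm", ".html", ".shtml", ".xhtml", ".svg", ".xml", ".mht"}
# Markup that content sniffing can treat as HTML regardless of the file's name.
SNIFF_MARKERS = re.compile(
    rb"<\s*(!doctype\s+html|html|head|body|script|iframe|svg|\?xml)", re.I)


def is_active_content(filename, declared_type, head):
    """True if the upload could run script when rendered inline."""
    ext = os.path.splitext(filename)[1].lower()
    mime = declared_type.split(";", 1)[0].strip().lower()
    return (ext in ACTIVE_EXTENSIONS or mime in ACTIVE_TYPES
            or bool(SNIFF_MARKERS.search(head[:1024])))


def response_headers(filename, declared_type, head):
    """Headers for serving a stored upload from the application's own origin."""
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", os.path.basename(filename))
    mime = declared_type.split(";", 1)[0].strip().lower()
    headers = {"X-Content-Type-Options": "nosniff"}
    if is_active_content(filename, declared_type, head):
        # Force a download and sandbox the response so the file's script
        # never runs with the reader's session in the application's origin.
        headers["Content-Type"] = "application/octet-stream"
        headers["Content-Disposition"] = f'attachment; filename="{safe_name}"'
        headers["Content-Security-Policy"] = "sandbox"
    else:
        headers["Content-Type"] = mime
        headers["Content-Disposition"] = f'inline; filename="{safe_name}"'
    return headers


if __name__ == "__main__":
    # Constructed sample uploads: (filename, declared type, first bytes).
    samples = [
        ("report.html", "text/html", b"<html><script>/* constructed */</script>"),
        ("notes.txt", "text/plain", b"meeting notes <ScRiPt>/* constructed */"),
        ("budget.pdf", "application/pdf", b"%PDF-1.4 constructed"),
    ]
    for name, mime, head in samples:
        print(name, response_headers(name, mime, head))
```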
CHARACTERISTICS
– Identifiers: CVE-2008-5026, VIGILANCE-VUL-8245
– Url: http://vigilance.fr/vulnerability/8245