Search This Blog

Powered by Blogger.

Blog Archive

Labels

Microsoft SharePoint vulnerable to Exception Handling Web Vulnerability

The Vulnerability Laboratory Research Team discovered a persistent web vulnerability in the official Microsoft Sharepoint Online (cloud-based) application.
The Vulnerability Laboratory Research Team discovered a persistent web vulnerability in the official Microsoft Sharepoint Online (cloud-based) application.

The vulnerability allows remote attackers to inject own malicious script code to a vulnerable module on application-side (persistent).

The vulnerability is located in the `Sharepoint Online Cloud 2013 Service` section when processing to request the `Berechtigungen für
den Metadatenspeicher festlegen` module with manipulated ms-descriptionText > ctl00_PlaceHolderDialogBodySection_
PlaceHolderDialogBodyMainSection_ValSummary parameters. The persistent injected script code execution occurs in the main
`invalid BDC Übereinstimmung` web application exception-handling

The vulnerability can be exploited with a low (restricted) privileged application user account and low or medium required user interaction.
Successful exploitation of the vulnerability result in persistent session hijacking, persistent phishing, stable external redirect, stable
external malware loads and persistent vulnerable module context manipulation.

The vulnerability is fixed .

Share it:

hacker news

Vulnerability

Vulnerability Lab

Vulnerability report