Microsoft SharePoint vulnerable to Exception Handling Web Vulnerability

The Vulnerability Laboratory Research Team discovered a persistent web vulnerability in the official Microsoft SharePoint Online (cloud-based) application.

The vulnerability allows remote attackers to inject their own malicious script code into a vulnerable module on the application side (persistent).

The vulnerability is located in the `Sharepoint Online Cloud 2013 Service` section, when a request to the `Berechtigungen für den Metadatenspeicher festlegen` module is processed with manipulated ms-descriptionText > ctl00_PlaceHolderDialogBodySection_PlaceHolderDialogBodyMainSection_ValSummary parameters. The persistently injected script code executes in the main `invalid BDC Übereinstimmung` web application exception handling.
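
The general pattern behind this class of issue, as an added example that is not SharePoint code and not from the original advisory: a stored, user-controlled value ends up inside an exception message, and the error summary is rendered without output encoding. All function names, the markup shape and the sample value are assumptions constructed for illustration; only the class and id fragments echo the parameters named above.

```javascript
// Added illustration; hypothetical names, not the product's implementation.

// Constructed sample: a stored value a low-privileged user controls.
const storedEntry = { name: '<img src=x onerror="alert(1)">' };

// Encode the five characters that can change the HTML parsing context.
function encodeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Error path: the exception text embeds the stored value verbatim.
function lookupError(entry) {
  return new Error(`No match found for "${entry.name}"`);
}

// Weak: exception text concatenated into the summary markup unencoded.
function renderSummaryUnsafe(err) {
  return '<div class="ms-descriptionText"><span id="ValSummary">' +
    err.message + '</span></div>';
}

// Hardened: identical markup, exception text encoded at output time.
function renderSummarySafe(err) {
  return '<div class="ms-descriptionText"><span id="ValSummary">' +
    encodeHtml(err.message) + '</span></div>';
}

// Review check: after removing the template's own div/span tags,
// any remaining "<" means the message introduced markup of its own.
function hasInjectedMarkup(html) {
  const stripped = html.replace(/<\/?(div|span)\b[^>]*>/g, '');
  return stripped.includes('<');
}

const err = lookupError(storedEntry);
console.log('unsafe summary injects markup:', hasInjectedMarkup(renderSummaryUnsafe(err)));
console.log('safe summary injects markup:  ', hasInjectedMarkup(renderSummarySafe(err)));
```

Error and validation paths are easy to miss in encoding reviews because they are rarely exercised with hostile input; the same check applies to any template that echoes exception text.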

The vulnerability can be exploited with a low (restricted) privileged application user account and low or medium required user interaction. Successful exploitation of the vulnerability results in persistent session hijacking, persistent phishing, stable external redirects, stable external malware loads and persistent manipulation of the vulnerable module context.

The vulnerability is fixed.

 
